This commit is contained in:
runningwater 2019-07-07 18:04:44 +08:00
commit e817f9036d
17 changed files with 2095 additions and 658 deletions

View File

@ -1,8 +1,8 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-11066-1.html)
[#]: subject: (How To Find The Port Number Of A Service In Linux)
[#]: via: (https://www.ostechnix.com/how-to-find-the-port-number-of-a-service-in-linux/)
[#]: author: (sk https://www.ostechnix.com/author/sk/)
@ -16,9 +16,9 @@
### 在 Linux 中查找服务的端口号
**方法1使用 [grep][2] 命令**
#### 方法1使用 grep 命令
要使用 grep 命令在 Linux 中查找指定服务的默认端口号,只需运行:
要使用 `grep` 命令在 Linux 中查找指定服务的默认端口号,只需运行:
```
$ grep <port> /etc/services
@ -84,11 +84,11 @@ tftp 69/tcp
[...]
```
**方法 2使用 getent 命令**
#### 方法 2使用 getent 命令
如你所见,上面的命令显示指定搜索词 “ssh”、“http” 和 “ftp” 的所有端口名称和数字。这意味着,你将获得与给定搜索词匹配的所有端口名称的相当长的输出。
但是,你可以使用 “getent” 命令精确输出结果,如下所示:
但是,你可以使用 `getent` 命令精确输出结果,如下所示:
```
$ getent services ssh
@ -114,17 +114,15 @@ http 80/tcp
$ getent services
```
**方法 3使用 Whatportis 程序**
#### 方法 3使用 Whatportis 程序
**Whatportis** 是一个简单的 python 脚本,来用于查找端口名称和端口号。与上述命令不同,此程序以漂亮的表格形式输出。
Whatportis 是一个简单的 Python 脚本,来用于查找端口名称和端口号。与上述命令不同,此程序以漂亮的表格形式输出。
确保已安装 PIP 包管理器。如果没有,请参考以下链接。
确保已安装 pip 包管理器。如果没有,请参考以下链接。
* [**如何使用 Pip 管理 Python 包**][6]
- [如何使用 pip 管理 Python 包][6]
安装 PIP 后,运行以下命令安装 Whatportis 程序。
安装 pip 后,运行以下命令安装 Whatportis 程序。
```
$ pip install whatportis
@ -144,9 +142,9 @@ $ whatportis http
![][7]
在 Linux 中查找服务的端口号
*在 Linux 中查找服务的端口号*
如果你不知道服务的确切名称,请使用 **like** 标志来显示相关结果。
如果你不知道服务的确切名称,请使用 `like` 标志来显示相关结果。
```
$ whatportis mysql --like
@ -158,7 +156,7 @@ $ whatportis mysql --like
$ whatportis 993
```
你甚至可以以 **JSON** 格式显示结果。
你甚至可以以 JSON 格式显示结果。
```
$ whatportis 993 --json
@ -168,9 +166,7 @@ $ whatportis 993 --json
有关更多详细信息,请参阅 GitHub 仓库。
* [**Whatportis GitHub 仓库**][9]
* [Whatportis GitHub 仓库][9]
就是这些了。你现在知道了如何使用三种简单方法在 Linux 中查找端口名称和端口号。如果你知道任何其他方法/命令,请在下面的评论栏告诉我。我会查看并更相应地更新本指南。
@ -181,7 +177,7 @@ via: https://www.ostechnix.com/how-to-find-the-port-number-of-a-service-in-linux
作者:[sk][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -1,30 +1,32 @@
[#]: collector: (lujun9972)
[#]: translator: (luuming)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-11067-1.html)
[#]: subject: (When to be concerned about memory levels on Linux)
[#]: via: (https://www.networkworld.com/article/3394603/when-to-be-concerned-about-memory-levels-on-linux.html)
[#]: author: (Sandra Henry-Stocker https://www.networkworld.com/author/Sandra-Henry_Stocker/)
何时需要关注 linux 的内存层面
何时需要关注 Linux 的内存用量
======
Linux 上的内存管理很复杂。尽管使用率高但未必存在问题。你也应当关注一些其他的事情。
![Qfamily \(CC BY 2.0\)][1]
> Linux 上的内存管理很复杂。尽管使用率高但未必存在问题。你也应当关注一些其他的事情。
![](https://img.linux.net.cn/data/attachment/album/201907/06/173913n6rjbxwj6bfrjxwx.jpg)
在 Linux 上用光内存通常并不意味着存在严重的问题。为什么?因为健康的 Linux 系统会在内存中缓存磁盘活动,基本上占用掉了未被使用的内存,这显然是一件好事情。
换句话说它不让内存浪费掉。使用空闲的内存增加磁盘访问速度并且不占用运行中应用程序的内存。你也能够想到使用这种内存缓存比起直接访问硬盘驱动HDD快上数百倍也比明显快于直接访问固态硬盘驱动。内存占满或几乎占满通常意味着系统正在尽可能高效地运行当中——并不是运行中遇到了问题。
换句话说,它不让内存浪费掉。使用空闲的内存增加磁盘访问速度,并且不占用运行中应用程序的内存。你也能够想到,使用这种内存缓存比起直接访问硬盘驱动HDD快上数百倍也比明显快于直接访问固态硬盘驱动。内存占满或几乎占满通常意味着系统正在尽可能高效地运行当中 —— 并不是运行中遇到了问题。
### 缓存如何工作
磁盘缓存简单地意味着系统充分利用未使用的资源(空闲内存)来加速磁盘读取与写入。应用程序不会失去任何东西,并且大多数时间里能够按需求获得更多的内存。此外,磁盘缓存不会导致应用程序使用交换分区。反而,用作磁盘缓存的内存空间当被需要时会立即归还,并且磁盘内容会被更新。
磁盘缓存简单地意味着系统充分利用未使用的资源(空闲内存)来加速磁盘读取与写入。应用程序不会失去任何东西,并且大多数时间里能够按需求获得更多的内存。此外,磁盘缓存不会导致应用程序转而使用交换分区。反而,用作磁盘缓存的内存空间当被需要时会立即归还,并且磁盘内容会被更新。
### 主要和次要的页故障
Linux 系统通过分割物理内存为进程分配空间,将分割成的块称为“页”,并且映射这些页到每个进程的虚拟内存上。不再会用到的页也许会从内存中移除,尽管相关的进程还在运行。当进程需要一个没有被映射或没在内存中页时,故障便会产生。所以,“<ruby>故障<rt>fault</rt></ruby>”并不意味着“<ruby>错误<rt>error</rt></ruby>”而是“<ruby>不可用<rt>unavailables</rt></ruby>”,并且故障在内存管理中扮演者一个重要的角色。
Linux 系统通过分割物理内存为进程分配空间,将分割成的块称为“页”,并且映射这些页到每个进程的虚拟内存上。不再会用到的页也许会从内存中移除,尽管相关的进程还在运行。当进程需要一个没有被映射或没在内存中页时,故障便会产生。所以,这个<ruby>故障<rt>fault</rt></ruby>”并不意味着“<ruby>错误<rt>error</rt></ruby>”而是“<ruby>不可用<rt>unavailables</rt></ruby>”,并且故障在内存管理中扮演者一个重要的角色。
次要故障意味着在内存中的页未分配给请求的进程或未在内存管理单元中标记为出现。主要故障意味着页保留在内存中。
次要故障意味着在内存中的页未分配给请求的进程或未在内存管理单元中标记为出现。主要故障意味着页没有保留在内存中。
如果你想切身感受一下次要页故障和主要页故障出现的频率,像这样试一下 `ps` 命令。注意我们要的是与页故障和产生它的命令相关的项。输出中省略了很多行。`MINFL` 显示出次要故障的数目,而 `MAJFL` 表示了主要故障的数目。
@ -45,7 +47,7 @@ $ ps -eo min_flt,maj_flt,cmd
927 0 gdm-session-worker [pam/gdm-password]
```
汇报单一进程,你可以尝试这样的命令:
汇报单一进程,你可以尝试这样的命令LCTT 译注:参数里面的 `1` 是要查看的进程的 PID
```
$ ps -o min_flt,maj_flt 1
@ -53,7 +55,7 @@ $ ps -o min_flt,maj_flt 1
230064 150
```
你也可以添加其他的,例如进程所有者的 UID 和 GID。
你也可以添加其他的显示字段,例如进程所有者的 UID 和 GID。
```
$ ps -o min_flt,maj_flt,cmd,args,uid,gid 1
@ -63,7 +65,7 @@ $ ps -o min_flt,maj_flt,cmd,args,uid,gid 1
### 多少才算满?
一种较好的方法来掌握内存究竟使用了多少是用 `free -m` 命令。`-m` 选项指定了数字的单位是 <ruby>MiBs<rt>mebibytes</rt></ruby> 而不是字节。
一种较好的方法来掌握内存究竟使用了多少是用 `free -m` 命令。`-m` 选项指定了数字的单位是 <ruby>MiB<rt>mebibyte</rt></ruby> 而不是字节。
```
$ free -m
@ -91,11 +93,10 @@ Swap: 3535 0 3535
### Linux 性能很复杂
把所有的放在一边Linux 系统上的内存可能会变满,并且性能可能会降低。当系统出现问题时不要仅将单一的内存使用报告作为指标。
抛开这些不说Linux 系统上的内存可能会变满,并且性能可能会降低。当系统出现问题时不要仅将单一的内存使用报告作为指标。
Linux 系统的内存管理很复杂,因为它采取的措施需要确保系统资源得到最好的利用。不要受到一开始内存占满的欺骗,使你认为系统存在问题,但实际上并没有。
在 [Facebook][4] 和 [LinkedIn][5] 上加入网络研讨会发表你的评论。
--------------------------------------------------------------------------------
@ -104,7 +105,7 @@ via: https://www.networkworld.com/article/3394603/when-to-be-concerned-about-mem
作者:[Sandra Henry-Stocker][a]
选题:[lujun9972][b]
译者:[LuuMing](https://github.com/LuuMing)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -1,36 +1,37 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-11063-1.html)
[#]: subject: (Free and Open Source Trello Alternative OpenProject 9 Released)
[#]: via: (https://itsfoss.com/openproject-9-release/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
替代 Trello 的免费开源 OpenProject 9 发布了
替代 Trello 的 OpenProject 9 发布了
======
![](https://img.linux.net.cn/data/attachment/album/201907/06/130201r9g70u01uuvvvvu7.jpg)
[OpenProject][1] 是一个开源项目协作管理软件。它是 [Trello][2] 和 [Jira][3] 等专有方案的替代品。
如果个人使用,你可以免费使用它,并在你自己的服务器上进行设置(并托管它)。这样,你就可以控制数据。
当然,如果你是[云或企业版用户][4],那么你可以使用高级功能和更优先的帮助。
当然,如果你是[企业用户][4],那么你可以使用高级功能和更优先的帮助。
OpenProject 9 的重点是新的看板试图,包列表视图和工作模板。
OpenProject 9 的重点是新的面板视图,包列表视图和工作模板。
如果你对此不了解,可以尝试一下。但是,如果你是现有用户 - 在迁移到 OpenProject 9 之前,你应该知道这些新功能。
如果你对此不了解,可以尝试一下。但是,如果你是已有用户 —— 在迁移到 OpenProject 9 之前,你应该知道这些新功能。
### OpenProject 9 有什么新功能?
以下是最新版 OpenProject 的一些主要更改。
#### Scrum 和敏捷
#### Scrum 和敏捷
![][5]
对于云和企业版,有一个新的 [scrum][6] 和[敏捷][7]看板视图。你还可以 [kanban 风格][8]方式展示你的工作,从而更轻松地支持你的敏捷和 scrum 团队。
对于企业云版,有了一个新的 [scrum][6] 和[敏捷][7]面板视图。你还可以[看板风格][8]方式展示你的工作,从而更轻松地支持你的敏捷和 scrum 团队。
新的板视图使你可以轻松了解为该任务分配的人员并快速更新状态。你还有不同的看板视图选项,如基本看板、状态看板和版本看板。
新的板视图使你可以轻松了解为该任务分配的人员并快速更新状态。你还有不同的面板视图选项,如基本面板、状态面板和版本面板。
#### 工作包模板
@ -46,9 +47,9 @@ OpenProject 9 的重点是新的看板试图,包列表视图和工作模板。
#### “我的”页面的可自定义工作包视图
“我的”页面显示你正在处理的内容(以及进度),它不应该一直很无聊。因此,现在你可以自定义它,甚至可以添加甘特图来可视化你的工作。
“我的”页面显示你正在处理的内容(以及进度),它不应该一直那么呆板。因此,现在你可以自定义它,甚至可以添加甘特图来可视化你的工作。
**总结**
### 总结
有关迁移和安装的详细说明,请参阅[官方的公告帖][12],其中包含了必要的细节。
@ -61,7 +62,7 @@ via: https://itsfoss.com/openproject-9-release/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -1,16 +1,18 @@
[#]: collector: (lujun9972)
[#]: translator: (chen-ni)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-11064-1.html)
[#]: subject: (IPython is still the heart of Jupyter Notebooks for Python developers)
[#]: via: (https://opensource.com/article/19/6/ipython-still-heart-jupyterlab)
[#]: author: (Matthew Broberg https://opensource.com/users/mbbroberg/users/marcobravo)
对 Python 开发者而言IPython 仍然是 Jupyter Notebook 的核心
======
Jupyter 项目提供的魔法般的开发体验很大程度上得益于它的 IPython 基因。
![I love Free Software FSFE celebration][1]
> Jupyter 项目提供的魔法般的开发体验很大程度上得益于它的 IPython 基因。
![](https://img.linux.net.cn/data/attachment/album/201907/06/131704z1lsfssamfxrrliq.jpg)
最近刚刚写过我为什么觉得觉得 Jupyter 项目(特别是 JupyterLab提供了一种 [魔法般的 Python 开发体验][2]。在研究这些不同项目之间的关联的时候,我回顾了一下 Jupyter 最初从 IPython 分支出来的这段历史。正如 Jupyter 项目的 [大拆分™ 声明][3] 所说:
@ -34,7 +36,7 @@ Jupyter 项目提供的魔法般的开发体验很大程度上得益于它的 IP
### IPython 如今的作用
IPython 提供了一个强大的、交互性的 Python shell以及 Jupyter 的内核。安装完成之后,我可以在任何命令行运行 **ipython** 本身,将它当作一个(比默认 Python shell 好太多的Python shell 来使用:
IPython 提供了一个强大的、交互性的 Python shell以及 Jupyter 的内核。安装完成之后,我可以在任何命令行运行 `ipython` 本身,将它当作一个(比默认 Python shell 好太多的Python shell 来使用:
```
@ -50,15 +52,15 @@ In [4]: print(average)
6.571428571428571
```
这就让我们发现了一个更为重要的问题是IPython 让 JupyterLab 可以在项目中执行代码,并且支持了一系列被称为 *magic*的功能(感谢 Nicholas Reith 在我上一篇文章的评论里提到这点)。
这就让我们发现了一个更为重要的问题:是 IPython 让 JupyterLab 可以在项目中执行代码,并且支持了一系列被称为 *Magic* 的功能(感谢 Nicholas Reith 在我上一篇文章的评论里提到这点)。
### IPython 让魔法成为现实
JupyterLab 和其它使用 IPython 的前端工具可以让你感觉像是在最喜欢的 IDE 或者是终端模拟器的环境下工作。我非常喜欢 [dotfiles][5] 快捷键功能magic 也有类似 dotfile 的特征。比如说,可以试一下 **[%bookmark][6]** 这个命令。我把默认开发文件夹 **~/Develop** 关联到了一个可以在任何时候直接跳转的快捷方式上。
JupyterLab 和其它使用 IPython 的前端工具可以让你感觉像是在最喜欢的 IDE 或者是终端模拟器的环境下工作。我非常喜欢 [点文件][5] 快捷键功能Magic 也有类似点文件的特征。比如说,可以试一下 [%bookmark][6] 这个命令。我把默认开发文件夹 `~/Develop` 关联到了一个可以在任何时候直接跳转的快捷方式上。
![Screenshot of commands from JupyterLab][7]
**%bookmark**、**%cd**,以及我在前一篇文章里介绍过的 **!** 操作符,都是由 IPython 支持的。正如这篇 [文档][8] 所说:
`%bookmark`、`%cd`,以及我在前一篇文章里介绍过的 `!` 操作符,都是由 IPython 支持的。正如这篇 [文档][8] 所说:
> Jupyter 用户你们好Magic 功能是 IPython 内核提供的专属功能。一个内核是否支持 Magic 功能是由该内核的开发者针对该内核所决定的。
@ -66,7 +68,7 @@ JupyterLab 和其它使用 IPython 的前端工具可以让你感觉像是在最
作为一个好奇的新手,我之前并不是特别确定 IPython 是否仍然和 Jupyter 生态还有任何联系。现在我对 IPython 的持续开发有了新的认识和,并且意识到它正是 JupyterLab 强大的用户体验的来源。这也是相当有才华的一批贡献者进行最前沿研究的成果,所以如果你在学术论文中使用到了 Jupyter 项目的话别忘了引用他们。为了方便引用,他们还提供了一个 [现成的引文][9]。
如果你在考虑参与哪个开源项目的贡献的话,一定不要忘了 IPython 哦。记得看看 [最新发布说明][10],在这里可以找到 magic 功能的完整列表。
如果你在考虑参与哪个开源项目的贡献的话,一定不要忘了 IPython 哦。记得看看 [最新发布说明][10],在这里可以找到 Magic 功能的完整列表。
--------------------------------------------------------------------------------
@ -74,8 +76,8 @@ via: https://opensource.com/article/19/6/ipython-still-heart-jupyterlab
作者:[Matthew Broberg][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
译者:[chen-ni](https://github.com/chen-ni)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -0,0 +1,202 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-11069-1.html)
[#]: subject: (How to use Tig to browse Git logs)
[#]: via: (https://opensource.com/article/19/6/what-tig)
[#]: author: (Olaf Alders https://opensource.com/users/oalders/users/mbbroberg/users/marcobravo)
如何使用 Tig 浏览 Git 日志
======
> Tig 可不仅仅是 Git 的文本界面。以下是它如何增强你的日常工作流程。
![](https://img.linux.net.cn/data/attachment/album/201907/07/111847v1zx3qk5qqhklyjp.png)
如果你使用 Git 作为你的版本控制系统,你可能已经让自己接受了 Git 是一个复杂的野兽的事实。它是一个很棒的工具,但浏览 Git 仓库可能很麻烦。因此像 [Tig][2] 这样的工具出现了。
来自 [Tig 手册页][3]
> Tig 是 `git`(1) 的基于 ncurses 的文本界面。它主要用作 Git 仓库浏览器,但也有助于在块级别暂存提交更改,并作为各种 Git 命令的输出分页器。
这基本上意味着 Tig 提供了一个可以在终端中运行的基于文本的用户界面。Tig 可以让你轻松浏览你的 Git 日志,但它可以做的远不止让你从最后的提交跳到前一个提交。
![Tig screenshot][4]
这篇快速入门的 Tig 中的许多例子都是直接从其出色的手册页中拿出来的。我强烈建议你阅读它以了解更多信息。
### 安装 Tig
* Fedora 和 RHEL `sudo dnf install tig`
* Ubuntu 和 Debian `sudo apt install tig`
* MacOS `brew install tig`
有关更多方式,请参阅官方[安装说明][5]。
### 浏览当前分支中的提交
如果要浏览分支中的最新提交,请输入:
```
tig
```
就是这样。这个三字符命令将启动一个浏览器,你可以在其中浏览当前分支中的提交。你可以将其视为 `git log` 的封装器。
要浏览这些输出,可以使用向上和向下箭头键从一个提交移动到另一个提交。按回车键将会垂直分割窗口,右侧包含所选提交的内容。你可以继续在左侧的提交历史记录中上下浏览,你的更改将显示在右侧。使用 `k``j` 可以逐行上下浏览,`-` 和空格键可以在右侧上下翻页。使用 `q` 退出右侧窗格。
搜索 `tig` 输出也很简单。使用 `/` (向前)或 `?` (向后)在左右窗格中搜索。
![Searching Tig][6]
这些就足以让你浏览你的提交信息了。这里有很多的键绑定,但单击 `h` 将显示“帮助”菜单,你可以在其中发现其导航和命令选项。你还可以使用 `/``?` 来搜索“帮助”菜单。使用 `q` 退出帮助。
![Tig Help][7]
### 浏览单个文件的修改
由于 Tig 是 `git log` 的封装器,它可以方便地接受可以传递给 `git log` 的相同参数。例如,要浏览单个文件的提交历史记录,请输入:
```
tig README.md
```
将其与被封装的 Git 命令的输出进行比较,以便更清楚地了解 Tig 如何增强输出。
```
git log README.md
```
要在原始 Git 输出中包含补丁,你可以添加 `-p` 选项:
```
git log -p README.md
```
如果要将提交范围缩小到特定日期范围,请尝试以下操作:
```
tig --after="2017-01-01" --before="2018-05-16" -- README.md
```
再一次,你可以将其与原始的 Git 版本进行比较:
```
git log --after="2017-01-01" --before="2018-05-16" -- README.md
```
### 浏览谁更改了文件
有时你想知道谁对文件进行了更改以及原因。命令:
```
tig blame README.md
```
器本质上是 `git blame` 的封装。正如你所期望的那样,它允许你查看谁是编辑指定行的最后一人,它还允许你查看到引入该行的提交。这有点像 vim 的 `vim-fugitive` 插件提供的 `:Gblame` 命令。
### 浏览你的暂存区
如果你像我一样,你可能会在你的暂存区做了许多修改。你很容易忘记它们。你可以通过以下方式查看暂存处中的最新项目:
```
git stash show -p stash@{0}
```
你可以通过以下方式找到第二个最新项目:
```
git stash show -p stash@{1}
```
以此类推。如果你在需要它们时调用这些命令,那么你会有比我更清晰的记忆。
与上面的 Git 命令一样Tig 可以通过简单的调用轻松增强你的 Git 输出:
```
tig stash
```
尝试在有暂存的仓库中执行此命令。你将能够浏览*并搜索*你的暂存项,快速浏览你的那些修改。
### 浏览你的引用
Git ref 是指你提交的东西的哈希值。这包括文件和分支。使用 `tig refs` 命令可以浏览所有的 ref 并深入查看特定提交。
```
tig refs
```
完成后,使用 `q` 回到前面的菜单。
### 浏览 git 状态
如果要查看哪些文件已被暂存,哪些文件未被跟踪,请使用 `tig status`,它是 `git status` 的封装。
![Tig status][8]
### 浏览 git grep
你可以使用 `grep` 命令在文本文件中搜索表达式。命令 `tig grep` 允许你浏览 `git grep` 的输出。例如:
```
tig grep -i foo lib/Bar
```
它会让你浏览 `lib/Bar` 目录中以大小写敏感的方式搜索 `foo` 的输出。
### 通过标准输入管道输出给 Tig
如果要将提交 ID 列表传递给 Tig那么必须使用 `--stdin` 标志,以便 `tig show` 从标准输入读取。否则,`tig show` 会在没有输入的情况下启动(出现空白屏幕)。
```
git rev-list --author=olaf HEAD | tig show --stdin
```
### 添加自定义绑定
你可以使用 [rc][9] 文件自定义 Tig。以下是如何根据自己的喜好添加一些有用的自定义键绑定的示例。
在主目录中创建一个名为 `.tigrc` 的文件。在你喜欢的编辑器中打开 `~/.tigrc` 并添加:
```
# 应用选定的暂存内容
bind stash a !?git stash apply %(stash)
# 丢弃选定的暂存内容
bind stash x !?git stash drop %(stash)
```
如上所述,运行 `tig stash` 以浏览你的暂存。但是,通过这些绑定,你可以按 `a` 将暂存中的项目应用到仓库,并按 `x` 从暂存中删除项目。请记住,你要在浏览暂存*列表*时,才能执行这些命令。如果你正在浏览暂存*项*,请输入 `q` 退出该视图,然后按 `a``x` 以获得所需效果。
有关更多信息,你可以阅读有关 [Tig 键绑定][10]。
### 总结
我希望这有助于演示 Tig 如何增强你的日常工作流程。Tig 可以做更强大的事情(比如暂存代码行),但这超出了这篇介绍性文章的范围。这里有足够的让你置身于危险的信息,但还有更多值得探索的地方。
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/6/what-tig
作者:[Olaf Alders][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/oalders/users/mbbroberg/users/marcobravo
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/computer_keyboard_laptop_development_code_woman.png?itok=vbYz6jjb (A person programming)
[2]: https://jonas.github.io/tig/
[3]: http://manpages.ubuntu.com/manpages/bionic/man1/tig.1.html
[4]: https://opensource.com/sites/default/files/uploads/tig.jpg (Tig screenshot)
[5]: https://jonas.github.io/tig/INSTALL.html
[6]: https://opensource.com/sites/default/files/uploads/tig-search.png (Searching Tig)
[7]: https://opensource.com/sites/default/files/uploads/tig-help.png (Tig Help)
[8]: https://opensource.com/sites/default/files/uploads/tig-status.png (Tig status)
[9]: https://en.wikipedia.org/wiki/Run_commands
[10]: https://github.com/jonas/tig/wiki/Bindings

View File

@ -0,0 +1,100 @@
[#]: collector: (lujun9972)
[#]: translator: (chen-ni)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-11068-1.html)
[#]: subject: (Say WHAAAT? Mozilla has Been Nominated for the “Internet Villain” Award in the UK)
[#]: via: (https://itsfoss.com/mozilla-internet-villain/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
什么Mozilla 被提名英国“互联网恶棍”奖
======
Mozilla Firefox 是目前最流行的浏览器之一。很多用户喜欢它胜过 Chrome 就是因为它鼓励隐私保护,并且可以通过一些选项设置让你的互联网活动尽可能地私密。
不过最近推出的功能之一 —— 仍然处于测试阶段的 [DoH (DNS-over-HTTPS)][1] 功能却受到了英国互联网服务提供商行业协会的负面评价。
英国<ruby>互联网服务提供商行业协会<rt>Internet Services Providers Association</rt></ruby>ISPA决定将 Mozilla 列入 2019 年“互联网恶棍”奖的最终入围者名单。该奖项将在 ISPA 于 7 月 11 日在伦敦举行的颁奖典礼上进行颁发。
![][3]
### 为什么说 “Mozilla” 是 “互联网恶棍”?
ISPA 在他们的声明中表示Mozilla 因为支持了 DoHDNS-over-HTTPS而被视为“互联网恶棍”。
> [@mozilla][4] 被提名为 [#ISPA][5] 的 [#互联网恶棍][6] 是因为他们试图推行 DNS-over-HTTPS 以绕开英国的内容过滤系统和家长监护模式,破坏了英国 [#互联网][7] 安全准则。 <https://t.co/d9NaiaJYnk> [pic.twitter.com/WeZhLq2uvi][8]
>
> — 英国互联网提供商行业协会 (ISPAUK) (@ISPAUK) [2019 年 7 月 4 日][9]
![](https://pbs.twimg.com/media/D-n8WlvX4AAnWIW.jpg)
和 Mozilla 一同被列入最终入围者名单的还有欧盟《版权法第 13 条》和美国总统特朗普。ISPA 在他们的声明里是这样解释的:
**Mozilla**:因为试图推行 DNS-over-HTTPS 以绕开英国的内容过滤系统和家长监护模式,破坏了英国互联网安全准则。
**欧盟《版权法第 13 条》**:因为要求各平台使用“内容识别技术”,威胁到了线上言论自由。
**美国总统特朗普**:因为在试图保护其国家安全的过程中,为复杂的全球通信供应链带来了巨大的不确定性。
### 什么是 DNS-over-HTTPS?
你可以将 DoH 理解为域名解析服务DNS的请求通过 HTTPS 连接加密传输。
传统意义上的 DNS 请求是不会被加密的,因此你的 DNS 提供商或者是互联网服务提供商ISP可以监视或者是控制你的浏览行为。如果没有 DoH你很容易被 DNS 提供商强制拦截和进行内容过滤,并且你的互联网服务提供商也同样可以做到。
然而 DoH 颠覆了这一点,可以让你得到一个私密的浏览体验。
你可以研究一下 [Mozilla 是如何开展和 Cloudflare 的合作的][11],并且可以自己配置一下 DoH如果需要的话
### DoH 有用吗?
既有用又没有用。
当然了从事情的一方面来看DoH 可以帮助用户绕过 DNS 或者互联网服务提供商强制的内容过滤系统。如果说 DoH 有助于满足我们避开互联网审查的需求,那么它是一件好事情。
不过从事情的另一方面来看,如果你是一位家长,而你的孩子在 Mozilla Firefox 上使用了 DoH 的话,你就无法 [设置内容过滤器][12] 了。这取决于 [防火墙配置][13] 的好坏。
DoH 可能会成为一些人绕过家长监护的手段,这可能不是一件好事。
如果我这样的说法有问题,你可以在下面的评论区纠正我。
并且,使用 DoH 就意味着你没办法使用本地 host 文件了(如果你正用它作为广告拦截或者是其它用途的话)。
### 总结
你是如何看待 DoH 的呢?它足够好吗?
你又是如何看待 ISPA 的决定的呢?你觉得他们这样的声明是不是在鼓励互联网审查和政府对网民的监控呢?
我个人觉得这个提名决定非常可笑。即使 DoH 并不是所有人都需要的那个终极功能,能够有一种保护个人隐私的选择也总不是件坏事。
在下面的评论区里发表你的看法吧。最后我想引用这么一句话:
> 在谎言遍地的时代说真话是一种革命行为。LCTT 译注:引自乔治奥威尔)
--------------------------------------------------------------------------------
via: https://itsfoss.com/mozilla-internet-villain/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[chen-ni](https://github.com/chen-ni)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://en.wikipedia.org/wiki/DNS_over_HTTPS
[2]: https://www.ispa.org.uk/ispa-announces-finalists-for-2019-internet-heroes-and-villains-trump-and-mozilla-lead-the-way-as-villain-nominees/
[3]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/07/mozilla-internet-villain.jpg?resize=800%2C450&ssl=1
[4]: https://twitter.com/mozilla?ref_src=twsrc%5Etfw
[5]: https://twitter.com/hashtag/ISPAs?src=hash&ref_src=twsrc%5Etfw
[6]: https://twitter.com/hashtag/InternetVillain?src=hash&ref_src=twsrc%5Etfw
[7]: https://twitter.com/hashtag/internet?src=hash&ref_src=twsrc%5Etfw
[8]: https://t.co/WeZhLq2uvi
[9]: https://twitter.com/ISPAUK/status/1146725374455373824?ref_src=twsrc%5Etfw
[10]: https://itsfoss.com/why-firefox/
[11]: https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/
[12]: https://itsfoss.com/how-to-block-porn-by-content-filtering-on-ubuntu/
[13]: https://itsfoss.com/set-up-firewall-gufw/

View File

@ -0,0 +1,49 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Donald Trump Now Wants to Ban End-to-End Encryption)
[#]: via: (https://news.softpedia.com/news/donald-trump-now-wants-to-ban-end-to-end-encryption-526567.shtml)
[#]: author: (Bogdan Popa https://news.softpedia.com/editors/browse/bogdan-popa)
Donald Trump Now Wants to Ban End-to-End Encryption
======
**After[banning][1] and [unbanning][2] Huawei, United States President Donald Trump is now planning to go after end-to-end encryption, with a new report claiming that senior White House officials met this week to discuss the first step the administration could make in this regard.**
[Politico][3] notes, citing three people familiar with the matter, that number two officials from several key agencies discussed a potential offensive against end-to-end encryption.
“The two paths were to either put out a statement or a general position on encryption, and [say] that they would continue to work on a solution, or to ask Congress for legislation,” one source was quoted as saying by the cited publication.
While the White House administration wants to kill off end-to-end encryption in software developed by American companies, this proposal was received with mixed reactions from representatives of various agencies in the country.
For example, the DHS “is internally divided,” Politico notes, as the agency is aware of the security implications that banning end-to-end encryption could generate.
### The encryption dispute
Pushing for regulations against end-to-end encryption is described as a decisive step in the efforts of intelligence agencies and law enforcement in the United States to access devices and data belonging to criminals and terrorists.
The encryption, which the majority of American companies have already bundled into their products, including here Apple and Google, blocks investigators from accessing suspects data. Tech companies position end-to-end encryption as a key privacy feature, and several of them have warned that any regulation against it could even affect national security.
Apple, in particular, is one of the biggest companies fighting against anti-encryption regulation. The company [**refused to unlock an iPhone used by the San Bernardino terrorist**][4], explaining that breaking into the device would have compromised the security of all customers.
The FBI eventually unlocked the device using software developed by a third-party.
--------------------------------------------------------------------------------
via: https://news.softpedia.com/news/donald-trump-now-wants-to-ban-end-to-end-encryption-526567.shtml
作者:[Bogdan Popa;Jun][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.softpedia.com/editors/browse/bogdan-popa
[b]: https://github.com/lujun9972
[1]: https://news.softpedia.com/news/google-bans-huawei-from-using-android-google-play-gmail-other-services-526083.shtml
[2]: https://news.softpedia.com/news/breaking-donald-trump-says-huawei-can-buy-american-products-again-526564.shtml
[3]: https://www.politico.com/story/2019/06/27/trump-officials-weigh-encryption-crackdown-1385306
[4]: https://news.softpedia.com/news/judge-orders-apple-to-help-the-fbi-hack-san-bernardino-shooter-s-iphone-500517.shtml

View File

@ -0,0 +1,59 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Lessons in Vendor Lock-in: Google and Huawei)
[#]: via: (https://www.linuxjournal.com/content/lessons-vendor-lock-google-and-huawei)
[#]: author: (Kyle Rankin https://www.linuxjournal.com/users/kyle-rankin)
Lessons in Vendor Lock-in: Google and Huawei
======
![](https://www.linuxjournal.com/sites/default/files/styles/850x500/public/nodeimage/story/bigstock-Us--China-Trade-War-Boxing-F-252887971_1.jpg?itok=oZBwXDrP)
What happens when you're locked in to a vendor that's too big to fail, but is on the opposite end of a trade war?
The story of Google no longer giving Huawei access to Android updates is still developing, so by the time you read this, the situation may have changed. At the moment, Google has granted Huawei a 90-day window whereby it will have access to Android OS updates, the Google Play store and other Google-owned Android assets. After that point, due to trade negotiations between the US and China, Huawei no longer will have that access.
Whether or not this new policy between Google and Huawei is still in place when this article is published, this article isn't about trade policy or politics. Instead, I'm going to examine this as a new lesson in vendor lock-in that I don't think many have considered before: what happens when the vendor you rely on is forced by its government to stop you from being a customer?
### Too Big to Fail
Vendor lock-in isn't new, but until the last decade or so, it generally was thought of by engineers as a bad thing. Companies would take advantage the fact that you used one of their products that was legitimately good to use the rest of their products that may or may not be as good as those from their competitors. People felt the pain of being stuck with inferior products and rebelled.
These days, a lot of engineers have entered the industry in a world where the new giants of lock-in are still growing and have only flexed their lock-in powers a bit. Many engineers shrug off worries about choosing a solution that requires you to use only products from one vendor, in particular if that vendor is a large enough company. There is an assumption that those companies are too big ever to fail, so why would it matter that you rely on them (as many companies in the cloud do) for every aspect of their technology stack?
Many people who justify lock-in with companies who are too big to fail point to all of the even more important companies who use that vendor who would have even bigger problems should that vendor have a major bug, outage or go out of business. It would take so much effort to use cross-platform technologies, the thinking goes, when the risk of going all-in with a single vendor seems so small.
Huawei also probably figured (rightly) that Google and Android were too big to fail. Why worry about the risks of being beholden to a single vendor for your OS when that vendor was used by other large companies and would have even bigger problems if the vendor went away?
### The Power of Updates
Google held a particularly interesting and subtle bit of lock-in power over Huawei (and any phone manufacturer who uses Android)—the power of software updates. This form of lock-in isn't new. Microsoft famously used the fact that software updates in Microsoft Office cost money (naturally, as it was selling that software) along with the fact that new versions of Office had this tendency to break backward compatibility with older document formats to encourage everyone to upgrade. The common scenario was that the upper-level folks in the office would get brand-new, cutting-edge computers with the latest version of Office on them. They would start saving new documents and sharing them, and everyone else wouldn't be able to open them. It ended up being easier to upgrade everyone's version of Office than to have the bosses remember to save new documents in old formats every time.
The main difference with Android is that updates are critical not because of compatibility, but for security. Without OS updates, your phone ultimately will become vulnerable to exploits that attackers continue to find in your software. The Android OS that ships on phones is proprietary and therefore requires permission from Google to get those updates.
Many people still don't think of the Android OS as proprietary software. Although people talk about the FOSS underpinnings in Android, only people who go to the extra effort of getting a pure-FOSS version of Android, like LineageOS, on their phones actually experience it. The version of Android most people tend to use has a bit of FOSS in the center, surrounded by proprietary Google Apps code.
It's this Google Apps code that gives Google the kind of powerful leverage over a company like Huawei. With traditional Android releases, Google controls access to OS updates including security updates. All of this software is signed with Google's signing keys. This system is built with security in mind—attackers can't easily build their own OS update to install on your phone—but it also has a convenient side effect of giving Google control over the updates.
What's more, the Google Apps suite isn't just a convenient way to load Gmail or Google Docs, it also includes the tight integration with your Google account and the Google Play store. Without those hooks, you don't have access to the giant library of applications that everyone expects to use on their phones. As anyone with a LineageOS phone that uses F-Droid can attest, while a large number of applications are available in the F-Droid market, you can't expect to see those same apps as on Google Play. Although you can side-load some Google Play apps, many applications, such as Google Maps, behave differently without a Google account. Note that this control isn't unique to Google. Apple uses similar code-signing features with similar restrictions on its own phones and app updates.
### Conclusion
Without access to these OS updates, Huawei now will have to decide whether to create its own LineageOS-style Android fork or a whole new phone OS of its own. In either case, it will have to abandon the Google Play Store ecosystem and use F-Droid-style app repositories, or if it goes 100% alone, it will need to create a completely new app ecosystem. If its engineers planned for this situation, then they likely are working on this plan right now; otherwise, they are all presumably scrambling to address an event that "should never happen". Here's hoping that if you find yourself in a similar case of vendor lock-in with an overseas company that's too big to fail, you never get caught in the middle of a trade war.
--------------------------------------------------------------------------------
via: https://www.linuxjournal.com/content/lessons-vendor-lock-google-and-huawei
作者:[Kyle Rankin][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.linuxjournal.com/users/kyle-rankin
[b]: https://github.com/lujun9972

View File

@ -0,0 +1,206 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Best Linux Distributions for Beginners)
[#]: via: (https://itsfoss.com/best-linux-beginners/)
[#]: author: (Aquil Roshan https://itsfoss.com/author/aquil/)
Best Linux Distributions for Beginners
======
_**Brief** : In this article, we will see the **best Linux distro for beginners**_. This will help new Linux users to pick their first distribution.
Lets face it, [Linux][1] can pose an overwhelming complexity to new users. But then, its not Linux itself that brings this complexity. Rather, its the “newness” factor that causes this. Not getting nostalgic, but remembering my first time with Linux, I didnt even know what to expect. I liked it. But it was an upstream swim for me initially.
Not knowing where to start can be a downer. Especially for someone who does not have the concept of something else running on their PC in place of Windows.
Linux is more than an OS. Its an idea where everybody grows together and theres something for everybody. We have already covered:
* [Best Linux distributions for Windows users][2]
* [Best lightweight Linux distros][3]
* [Best Linux distributions for hacking][4]
* [Best Linux distributions for gaming][5]
* [Best Linux distributions for privacy and anonymity][6]
* [Best Linux distributions that look like MacOS][7]
In addition to that, there are distributions that cater to the needs of newcomers especially. So here are a few such Linux distros for beginners. You can watch it in a video and [subscribe to our YouTube channel][8] for more Linux related videos.
### Best Linux Distros for Beginners
Please remember that this list is no particular order. The main criteria for compiling this list is ease of installation, out of the box hardware software, ease of use and availability of software packages.
#### 1\. Ubuntu
If youve researched Linux on the internet, its highly probable that you have come across Ubuntu. Ubuntu is one of the leading Linux distributions. It is also the perfect path to begin your Linux journey.
![][9]
Ubuntu has been tagged as Linux for human beings. Now, this is because Ubuntu has put in a lot of effort on universal usability. Ubuntu does not require you to be technically sound for you to use it. It breaks the notion of Linux=Command line hassle. This is one of the major plus points that rocketed Ubuntu to where it is today.
Ubuntu offers a very convenient installation procedure. The installer speaks plain English (or any major language you want). You can even try out Ubuntu before actually going through the installation procedure. The installer provides simple options to:
* Install Ubuntu removing the older OS
* [Install Ubuntu alongside Windows][10] or any other existing OS (A choice is given at every startup to select the OS to boot).
* Configure partitions for users who know what they are doing.
_Beginner tip: Select the second option if you are not sure about what to do._
Ubuntus user interface is called GNOME. It is as simple as well as productive as it gets. You can search anything from applications to files by pressing the Windows key. Is there any way you can make this simpler?
There are no driver installation issues as Ubuntu comes with a hardware detector which detects, downloads and installs optimal drivers for your PC. Also, the installation comes with all the basic software like a music player, video player, an office suite and games for some time killing.
Ubuntu has a great documentation and community support. [Ubuntu forums ][11]and [Ask Ubuntu][12] provide an appreciable quality support in almost all aspects regarding Ubuntu. Its highly probable that any question you might have will already be answered. And the answers are beginner friendly.
Do check out and download [Ubuntu][13] at the [official site.][13]
#### 2\. Linux Mint Cinnamon
For years, Linux Mint has been the **number one** Linux distribution on [Distrowatch][14]. Well deserved throne I must say. Linux mint is one of my personal favorites. It is elegant, graceful and provides a superior computing experience (out of the box).
![][15]
Linux Mint features the Cinnamon desktop environment. New Linux users who are still in the process of familiarizing themselves with Linux software will find Cinnamon very useful. All the software are very accessibly grouped under categories. Although this is nothing of a mind-blowing feature, to new users who do not know the names of Linux software, this is a huge bonus.
[][16]
Suggested read Installing Microsoft Visual Studio Code on Linux
Linux Mint is fast. Runs fine on older computers. Linux Mint is built upon the rock-solid Ubuntu base. It uses the same software repository as Ubuntu. About the Ubuntu software repository, Ubuntu pushes software for general only use after extensive testing. This means users will not have to deal with unexpected crashes and glitches that some new software are prone to, which can be a real no-no for new Linux users.
![][17]
Windows 7 lovers who are really not into where Microsoft if heading with Windows 10 will find Linux Mint lovable. Linux Mint desktop is pretty similar to Windows 7 desktop. Similar toolbar, similar menu, similar tray icons are all set to make Windows users feel absolutely at home.
Personally, Im more likely to suggest Linux Mint to someone who is new to Linux world as Linux Mint does impress users enough for them to accept it. To me, Linux Mint should be the first among the list of Linux for beginners.
Do check out [Linux Mint here][18]. Go for the Cinnamon version.
#### 3\. Zorin OS
A majority of computer users are Windows users. And when a [Windows user gets a Linux][2], theres a fair amount of unlearning process that user must go through. A huge amount of operations have been fixed in our muscle memory. For example, the mouse reaching to the lower left corner of the screen (Start) everytime you want to launch an application. So if we could find something that eases these issues on Linux, its half a battle won. Enter Zorin OS.
![][19]
Zorin OS is an Ubuntu-based, highly polished Linux distribution, entirely made for Windows refugees. Although pretty much every Linux distro is usable by everybody, some people might tend to be reluctant when the desktop looks too alien. Zorin OS dodges past this obstacle because of its similarities with Windows appearance wise.
Package managers are something of a new concept to Linux newcomers. Thats why Zorin OS comes with a huge (I mean really huge) list of pre-installed software. Anything you need, theres good chance its already installed on Zorin OS. As if that was not enough, [Wine and PlayOnLinux][20] come pre-installed so you can run your loved Windows software and [games][21] here too.
![][22]
Zorin OS comes with an amazing theme engine called the Zorin look changer. It offers some heavy customization options with presets to make your OS look like Windows 7, XP, 2000 or even a Mac for that matter. Youre going to feel home.
![][23]
These features make Zorin OS the _**best Linux distro for beginners**_ , isnt it? Do check out the [Zorin OS website][24] to know more and download the OS.
#### 4\. Elementary OS
Since we have taken a look at Linux distros for Windows users, lets swing by something for MacOS users too. Elementary OS very quickly rose to fame and now is always included in the list of top distros, all thanks to its aesthetic essence. Inspired by MacOS looks, Elementary OS is one of the most beautiful Linux distros.
![][25]
Elementary OS is another Ubuntu-based operating system which means the operating system itself is unquestionably stable. Elementary OS features the Pantheon desktop environment. You can immediately notice the resemblance to MacOS desktop. This is an advantage to MacOS users switching to Linux as they will much comfortable with the desktop and this really eases the process of coping to this change.
![][26]
The menu is simple and customizable according to user preferences. The operating system is zero intrusive so you can really focus on your work. It comes with a very small number of pre-installed software. So, any new user will not be repulsed by huge bloat. But hey, its got everything you need out of the box. For more software, Elementary OS provides a neat AppCenter. It is highly accessible and simple. Everything at one place. You can get all the software you want and perform upgrades in clicks.
[][27]
Suggested read How to Install and Use Slack in Linux
Experience wise, [Elementary OS][28] is really a great piece of software. Definitely give [it a try.][28]
#### 5\. Linux Mint Mate
A good number of people who come to Linux are looking to revive older computers. With Windows 10, many computers that had decent specs just some years ago have become incompetent. A quick google will suggest you install Linux on such computers. In that way, you can keep them running up to the mark for the near future. Linux Mint Mate is a great Linux distro if you are looking for something to run your older computers.
![][29]
Linux Mint Mate is very light, resource efficient but still a polished distro. It can run smoothly on computers with less muscle power. The desktop environment does not come with bells and jingles. But in no way is it functionally inferior to any other desktop environments. The operating system is non-intrusive and allows you to have a productive computing experience without getting in your way.
Again, the Linux Mint Mate is based on Ubuntu and has the advantage of huge base solid Ubuntu software repository. It comes with a minimum number of necessities pre-installed. Easy driver installation and setting management are made available.
You can run Linux Mint Mate even if you have 512 MB RAM and 9 GB hard disk space (the more the merrier).
The Mate desktop environment is really simple to use with no twists in the tale. This is really a huge plus point for Linux beginners. All the more reason to [try out Linux Mint Mate][30].
#### 6\. Manjaro Linux
Ok. Any long time Linux user will say guiding a newcomer even in the general direction of Arch Linux is a sin. But hear me out.
Arch is considered experts-only Linux because of its highly complex installation procedure. Manajro and Arch Linux have a common origin. But they differ extensively in everything else.
![][31]
Manajro Linux has an extremely beginner friendly installation procedure. A lot of things are automated like driver installation using Hardware detection. Manjaro hugely negates the hardware driver hassles that torments a lot of other Linux distros. And even if you face any issues, Manjaro has an amazing community support.
Manjaro has its own software repository which maintains the latest of software. While providing up to date software to users is a priority, guaranteed stability is not at all compromised. This is one of the prime differences between Arch and Manjaro. Manjaro delays package releases to make sure they are absolutely stable and no regression will be caused. You can also access the Arch User Repository on Manjaro, so anything and everything you need, is always available.
If you want to know more about Manjaro features, do read my colleague [Johns experience with Manjaro Linux and why he is hooked][32] to it.
![][33]
Manjaro Linux comes in XFCE, KDE, Gnome, Cinnamon and a host of more desktop environments. Do check out the [official website][34].
To install any of the above 6 operating systems, you need to create a bootable USB stick. If you are currently using Windows [use this guide to do so][35]. Mac OS users may [follow this guide][36].
**Your choice for the best Linux distro for beginners?**
Linux might come with a learning curve, but thats not something anybody ever regretted. Go ahead get an ISO and check out Linux. If you are already a Linux user, do share this article and help someone fall in love with Linux in this season of love. Cheers.
--------------------------------------------------------------------------------
via: https://itsfoss.com/best-linux-beginners/
作者:[Aquil Roshan][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/aquil/
[b]: https://github.com/lujun9972
[1]: https://www.linux.com/what-is-linux
[2]: https://itsfoss.com/windows-like-linux-distributions/
[3]: https://itsfoss.com/lightweight-linux-beginners/
[4]: https://itsfoss.com/linux-hacking-penetration-testing/
[5]: https://itsfoss.com/linux-gaming-distributions/
[6]: https://itsfoss.com/privacy-focused-linux-distributions/
[7]: https://itsfoss.com/macos-like-linux-distros/
[8]: https://www.youtube.com/c/itsfoss
[9]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2018/06/ubuntu-18-04-desktop.jpeg?resize=800%2C450&ssl=1
[10]: https://itsfoss.com/install-ubuntu-1404-dual-boot-mode-windows-8-81-uefi/
[11]: https://ubuntuforums.org/
[12]: http://askubuntu.com/
[13]: https://www.ubuntu.com/
[14]: https://distrowatch.com/
[15]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2017/02/LM_Home.jpg?ssl=1
[16]: https://itsfoss.com/install-visual-studio-code-ubuntu/
[17]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2017/02/LM_SS.jpg?ssl=1
[18]: https://linuxmint.com/
[19]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2017/02/Zorin.jpg?ssl=1
[20]: https://itsfoss.com/use-windows-applications-linux/
[21]: https://itsfoss.com/linux-gaming-guide/
[22]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2017/02/Zorin-office.jpg?ssl=1
[23]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2017/02/OSX.jpg?ssl=1
[24]: https://zorinos.com/
[25]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2017/02/Pantheon-Desktop.jpg?resize=800%2C500&ssl=1
[26]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2017/02/Application-Menu.jpg?ssl=1
[27]: https://itsfoss.com/slack-use-linux/
[28]: https://elementary.io/
[29]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2017/02/mate.jpg?ssl=1
[30]: http://blog.linuxmint.com/?p=3182
[31]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2017/02/manajro.jpg?ssl=1
[32]: https://itsfoss.com/why-use-manjaro-linux/
[33]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2017/02/manjaro-kde.jpg?ssl=1
[34]: https://manjaro.org/
[35]: https://www.ubuntu.com/download/desktop/create-a-usb-stick-on-windows
[36]: https://www.ubuntu.com/download/desktop/create-a-usb-stick-on-macos

View File

@ -1,276 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (chen-ni)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Make Linux stronger with firewalls)
[#]: via: (https://opensource.com/article/19/7/make-linux-stronger-firewalls)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
Make Linux stronger with firewalls
======
Learn how firewalls work and which settings to tweak for better Linux
security.
![People working together to build ][1]
Everyone's heard of firewalls, even if only as a plot device in a TV cybercrime drama. Many people also know that their computer is (likely) running a firewall, but fewer people understand how to take control of their firewall when necessary.
Firewalls block unwanted network traffic, but different networks have different threat levels. For instance, if you're at home, you probably trust the other computers and devices on your network a lot more than when you're out at the local café using public WiFi. You can hope your computer differentiates between a trusted network and an untrusted one, or you can learn to manage, or at least verify, your security settings yourself.
### How firewalls work
Communication between devices on a network happens through gateways called _ports_. Port, in this context, doesn't mean a physical connection like a USB port or an HDMI port. In network lingo, a port is an entirely virtual concept representing pathways for a specific type of data to either arrive at or depart from a computer. This system could have been called anything, like "connections" or "doorways," but they were named ports at least [as early as 1981][2], and that's the name in use today. The point is, there's nothing special about any port; they're just a way to designate an address where data transference may happen.
Back in 1972, [a list of port numbers][3] (then called "sockets") was published, and this has since evolved into a set of well-known standard port numbers that help manage specific kinds of traffic. For instance, you access ports 80 and 443 on a daily basis when you visit a website, because most everyone on the internet has agreed, implicitly or explicitly, that data is transferred from web servers over those ports. You can test this theory by opening a web browser and navigating to a website with a nonstandard port appended to the URL. For instance, if you navigate to **example.com:42**, your request is denied because example.com does not serve a website at port 42.
![Navigating to a nonstandard port produces an error][4]
If you revisit the same website at port 80, you get a website, as expected. You can specify port 80 with **:80** at the end of the URL, but because port 80 is the standard port for HTTP traffic, your web browser assumes port 80 by default.
When a computer, like a web server, expects traffic at a specific port, it's acceptable (and necessary) to have the port open for traffic. The danger is leaving ports open that you have no reason to expect traffic on, and that's exactly what a firewall is for.
### Install firewalld
There are many interfaces for firewall configuration. This article covers [**firewalld**][5], which integrates with Network Manager on the desktop and **firewall-cmd** in the terminal. Many Linux distributions ship with these tools installed. If yours doesn't, you can either take this article as general advice for firewall management and apply it to what you use, or you can install **firewalld**.
On Ubuntu, for instance, you must enable the **universe** repository, deactivate the default **ufw** firewall, and then install **firewalld**:
```
$ sudo systemctl disable ufw
$ sudo add-apt-repository universe
$ sudo apt install firewalld
```
Fedora, CentOS, RHEL, OpenSUSE, and many others include **firewalld** by default.
Regardless of your distribution, for a firewall to be effective, it must be active and set to be loaded at boot. The less you have to think about firewall maintenance, the better.
```
`$ sudo systemctl enable --now firewalld`
```
### Choose your zone with Network Manager
You probably connect to many different networks every day. You're on one network at work, another at the café, and yet another at home. Your computer can detect which network you use more frequently than others, but it doesn't know which you trust.
A firewall _zone_ contains presets deciding what ports to open and close. Using zones, you can choose a policy that makes the most sense for the network you're currently on.
To see a list of available zones, open the Network Manager Connection Editor, found in your Applications menu, or with the **nm-connection-editor &amp;** command.
![Network Manager Connection Editor][6]
From the list of network connections, double-click on your current network.
In the network configuration window that appears, click the General tab.
In the General panel, click the drop-down menu next to Firewall Zone for a list of all available zones.
![Firewall zones][7]
You can get this same list with this terminal command:
```
`$ sudo firewall-cmd --get-zones`
```
The zone titles indicate what their designers had in mind when creating them, but you can get the specifics of any zone with this terminal command:
```
$ sudo firewall-cmd --zone work --list-all
work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  [...]
```
In this example, the **work** zone is configured to permit SSH and DHCPv6-client incoming traffic but drops any other incoming traffic not explicitly requested by the user. (In other words, the **work** zone doesn't block HTTP response traffic when you visit a website, but it _does_ deny an HTTP request on your port 80.)
View each zone to get familiar with the traffic each one allows. The most common ones are:
* **Work:** Use this one when on a network you mostly trust. SSH, DHCPv6, and mDNS are permitted, and you can add more as needed. This zone is meant to be a starting point for a custom work environment based on your daily office requirements.
* **Public:** For networks you do not trust. This zone is the same as the work zone, but presumably, you would not add the same exceptions as your work zone.
* **Drop:** All incoming connections are dropped with no response given. This is as close to a stealth mode as you can get without shutting off networking entirely because only outgoing network connections are possible (even a casual port scanner could detect your computer from outgoing traffic, though, so don't mistake this zone for a cloaking device). This is arguably the safest zone when on public WiFi, and definitely the best when you have reason to believe a network is hostile.
* **Block:** All incoming connections are rejected with a message declaring that the requested port is prohibited. Only network connections you initiate are possible. This is a "friendly" version of the drop zone because, even though no port is open for incoming traffic, a port verbosely declines an uninitiated connection.
* **Home:** Use this when you trust other computers on the network. Only selected incoming connections are accepted, and you can add more as needed.
* **Internal:** Similar to the work zone, this is intended for internal networks where you mostly trust the other computers. You can open more ports and services as needed but still maintain a different rule set than you have on your work zone.
* **Trusted:** All network connections are accepted. Good for troubleshooting or on networks you absolutely trust.
### Assigning a zone to a network
You can assign a zone to any network connection you make. Furthermore, you can assign a different zone to each network interface (Ethernet cable, WiFi, and so on) that attaches to each network.
Select the zone you want and click the Save button to commit the change.
![Setting a new zone][8]
The easiest way to get into the habit of assigning a zone to a network interface is to tend to the networks you use most often. Assign the home zone to your home network, the work zone to your work network, and the public network to your favorite library or café network.
Once you have assigned a zone to all your usual networks, make an effort to assign a zone to the next new network you join, whether it's a new café or your mate's home network. Assigning zones is the best way to reinforce your own awareness that networks are not all equal and that you're not any more secure than anybody else just because you run Linux.
### Default zone
Rather than prompting you for a zone every time you join a new network, firewalld assigns any unknown network a default zone. Open a terminal and type this command to get your default zone:
```
$ sudo firewall-cmd --get-default
public
```
In this example, the public zone is the default. It's expected that you will keep the public zone highly restrictive, so it's a pretty safe zone to assign unknown networks. However, you can set your own default instead.
For instance, if you're more paranoid than most, or if you know that you frequent networks you have reason to distrust, you can assign a highly restrictive zone as default:
```
$ sudo firewall-cmd --set-default-zone drop
success
$ sudo firewall-cmd --get-default
drop
```
Now any new network you join will be subject to the drop zone rules unless you manually change it to something less restrictive.
### Customizing zones by opening ports and services
Firewalld's developers don't intend for their zone definitions to satisfy the needs of all the different networks and levels of trust in existence. They're just starting points for you to use and customize.
You don't have to know much about firewalls to be able to open and close ports based on the kinds of network activity you know you generate.
#### Predefined services
The simplest way to add permissions to your firewall is to add a predefined service. Strictly speaking, there's no such thing as a "service" as far as your firewall knows, because firewalls understand port numbers and protocol types. However, firewalld provides collections of ports and protocols based on standards and conventions.
For example, if you're a web developer and want to open your computer up on your local network so your colleagues can see the website you're building, you would add the **http** and **https** services. If you're a gamer and you're running the open source [murmur][9] voice-chat server for your guild, then you'd add the **murmur** service. There are many other services available, which you can view with this command:
```
$ sudo firewall-cmd --get-services
amanda-client amanda-k5-client bacula bacula-client \
bgp bitcoin bitcoin-rpc ceph cfengine condor-collector \
ctdb dhcp dhcpv6 dhcpv6-client dns elasticsearch \
freeipa-ldap freeipa-ldaps ftp [...]
```
If you see a service you need, add it to your current firewall configuration, for example:
```
`$ sudo firewall-cmd --add-service murmur`
```
This command opens all the ports and protocols needed for a particular service _within your default zone_, but only until you reboot your computer or restart your firewall. To make your changes permanent, use the **\--permanent** flag:
```
`$ sudo firewall-cmd --add-service murmur --permanent`
```
You can also issue the command for a zone other than your default:
```
`$ sudo firewall-cmd --add-service murmur --permanent --zone home`
```
#### Ports
Sometimes you want to allow traffic for something that just isn't defined by firewalld's services. Maybe you're setting up a nonstandard port for a common service or you need to open an arbitrary port.
For example, maybe you're running the open source [virtual tabletop][10] software [MapTool][11]. Since you're running the MapTool server and there's no industry standard governing which port MapTool runs on, you can decide what port it uses and then "poke a hole" in your firewall to allow traffic on that port.
The process is basically the same as for services:
```
`$ sudo firewall-cmd --add-port 51234/tcp`
```
This command opens port 51234 to incoming TCP connections _in your default zone_, but only until you reboot your computer or restart your firewall. To make your changes permanent, use the **\--permanent** flag:
```
`$ sudo firewall-cmd --add-port 51234/tcp --permanent`
```
You can also issue the command for a zone other than your default:
```
`$ sudo firewall-cmd --add-port 51234/tcp --permanent --zone home`
```
Allowing traffic through your computer is different from letting traffic through your router"s firewall. Your router probably has a different interface for its own embeded firewall (though the principle is the same), which is outside the scope of this article.
### Removing ports and services
If you decide a service or a port is no longer needed, you can restart your firewall to clear your changes, unless you use the **\--permanent** flag.
If you made your changes permanent, use the **\--remove-port** or **\--remove-service** flag:
```
`$ sudo firewall-cmd --remove-port 51234/tcp --permanent`
```
You can remove ports and services from a zone other than your default zone by specifying a zone in your command:
```
`$ sudo firewall-cmd --remove-service murmur --permanent --zone home`
```
### Custom zones
You can use and abuse the default zones provided by firewalld, but you also have the freedom to create your own. For instance, if it makes sense for you to have a zone specific to gaming, then you can create one and switch over to it only while gaming.
To create a new, empty zone, create a new zone called **game** and reload the firewall rules so that your new zone becomes active:
```
$ sudo firewall-cmd --new-zone game --permanent
success
$ sudo firewall-cmd --reload
```
Once it's created and active, you can customize it with all the services and ports you need to have open for game night.
### Diligence
Start thinking about your firewall strategy today. Start slow, and build up some sane defaults that make sense for you. It may take time before you make it a habit to think about your firewall and understand which network services you use, but with a little exploration, you can strengthen your Linux workstation no matter what your environment.
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/7/make-linux-stronger-firewalls
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_buildtogether.png?itok=9Tvz64K5 (People working together to build )
[2]: https://tools.ietf.org/html/rfc793
[3]: https://tools.ietf.org/html/rfc433
[4]: https://opensource.com/sites/default/files/uploads/web-port-nonstandard.png (Navigating to a nonstandard port produces an error)
[5]: https://firewalld.org/
[6]: https://opensource.com/sites/default/files/uploads/nm-connection-editor.png (Network Manager Connection Editor)
[7]: https://opensource.com/sites/default/files/uploads/nm-zone.png (Firewall zones)
[8]: https://opensource.com/sites/default/files/uploads/nm-set.png (Setting a new zone)
[9]: https://www.mumble.com/
[10]: https://opensource.com/article/18/5/maptool
[11]: https://github.com/RPTools

View File

@ -0,0 +1,262 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Newsboat A Command line RSS/Atom Feed Reader For Text Consoles)
[#]: via: (https://www.ostechnix.com/newsbeuter-command-line-rssatom-feed-reader-unix-like-systems/)
[#]: author: (sk https://www.ostechnix.com/author/sk/)
Newsboat A Command line RSS/Atom Feed Reader For Text Consoles
======
![Newsboat RSS/Atom Feed reader][1]
**Newsboat** , a fork of Newsbeuter, is a free, open source RSS/Atom feed reader for text consoles. It supports GNU/Linux, FreeBSD, Mac OS X, and other Unix-like operating systems. Compared to other slow and huge amount of memory consumed RSS feed readers, Newsboat is the best choice for anyone who are looking for a simple, slick and fast feed reader that can be completely managed via keyboard.
Concerning about the features, we can list the following:
* Subscribe to RSS 0.9x, 1.0, 2.0 and Atom feeds.
* Download podcasts.
* Configure your keyboard shortcuts as per your wish.
* Search through all downloaded articles.
* Categorize and query your subscriptions with a flexible tag system.
* Integrate any data source through a flexible filter and plugin system.
* Automatically remove unwanted articles through a “killfile”.
* Define “meta feeds” using a powerful query language.
* Synchronize newsboatr with your bloglines.com account.
* Import and exporting your subscriptions with the widely used OPML format.
* Customize the look and feel of Newsboat as per your liking.
* Keep all your feeds in sync with Google Reader.
* And many.
In this brief guide, let us see how to install and use Newsboat in Linux.
### Newsboat A Command line RSS/Atom Feed Reader
##### Installation
**On Arch Linux and derivatives:**
Newsboat is available in the [Community] repository of Arch Linux. So, you can install it using [**Pacman**][2] command as shown below.
```
$ sudo pacman -S newsboat
```
**On Debian, Ubuntu, Linux Mint:**
It is also available in the default repositories of DEB based systems such as Ubuntu, Linux Mint. To install it, run the following command:
```
$ sudo apt-get install newsboat
```
**On Fedora:**
Newsboat is available in the official repositories of Fedora. To install it, run:
```
$ sudo dnf install newsboat
```
Newsboat is also available as [**Snap**][3], so you can install it using command:
```
$ sudo snap install newsboat
```
Once installed, launch it using command:
```
$ newsboat
```
**Sample output:**
```
Starting newsboat 2.10.2...
Loading configuration...done.
Opening cache...done.
Loading URLs from /home/sk/.newsboat/urls...done.
Error: no URLs configured. Please fill the file /home/sk/.newsboat/urls with RSS feed URLs or import an OPML file.
newsboat 2.10.2
usage: newsboat [-i <file>|-e] [-u <urlfile>] [-c <cachefile>] [-x <command> ...] [-h]
-e, --export-to-opml export OPML feed to stdout
-r, --refresh-on-start refresh feeds on start
-i, --import-from-opml=<file> import OPML file
-u, --url-file=<urlfile> read RSS feed URLs from <urlfile>
-c, --cache-file=<cachefile> use <cachefile> as cache file
-C, --config-file=<configfile> read configuration from <configfile>
-X, --vacuum compact the cache
-x, --execute=<command>... execute list of commands
-q, --quiet quiet startup
-v, --version get version information
-l, --log-level=<loglevel> write a log with a certain loglevel (valid values: 1 to 6)
-d, --log-file=<logfile> use <logfile> as output log file
-E, --export-to-file=<file> export list of read articles to <file>
-I, --import-from-file=<file> import list of read articles from <file>
-h, --help this help
```
As you see in the above screenshot, we havent added any URLs yet in Newsboat.
##### Managing Feeds
We can add, edit, tag, and delete feeds by editing the **urls** file. The default urls file is **~/.newsboat/urls**. If it is not available, just create it.
**Add feeds**
To add a feed, edit this file
```
$ vi ~/.newsboat/urls
```
Then, add the feed URLs one by one.
```
http://feeds.feedburner.com/Ostechnix
```
If the feed URL has protected with user name and password, you need to mention the username and password as shown below.
```
http://username:[email protected]/feed.rss
```
After adding all urls, save and close the file.
**Add tags to the feeds**
You can add one or more tags to categorize the feeds as per your liking. Specify the tags separated by space if you want to add more than one tags to a single feed. If you want to specify a single tag that contains a space, just mention it within double quotes like below.
```
http://feeds.feedburner.com/Ostechnix "All Linux news"
https://www.archlinux.org/feeds/packages/ "Only Arch Linux related news"
```
**Read feeds**
To read feeds, just launch the Newsboat utility from the Terminal using command:
```
$ newsboat
```
Sample output:
![][4]
Newsboat Rss feed reader
As you see in the above screenshot, I have added two RSS feeds. You can now start downloading the feeds, either by pressing **“R”** to download all feeds, or by pressing **“r”** to download the currently selected feed.
Now, you will see the list of recent items in each feed.
![][5]
Alternatively, you can run the following command to refresh feeds on start:
```
$ newsboat -r
```
Use **Up/Down** arrows to choose a feed and hit **ENTER** key to open the currently selected feed.
![][6]
Press ENTER key to open the selected entry:
![][7]
To open the entry in your default web browser, simply press **o**.
Here is the list of keyboard controls to manage your feeds.
* Press **n** to go the next unread entry.
* Press **o** to open the selected entry in default web browser.
* Press **r** (small letter) to reload the currently selected feed.
* Press **R** (capital) to reload all feeds.
* Press **A** to mark as read.
* Press **/** to search for a specific entry.
* Press **s** to save single entry or all entries.
* Press **e** to enqueue.
* Press **?** (question mark) to open the help window at any time.
* And press **q** to go back and exit.
**Remove feeds**
To remove the feeds, just delete the URL in the urls file.
**Useful tip for Arch Linux users**
If youre using a Arch based Linux distribution, I know a good way to read the Arch news page before updating your system. The reason for doing this is you can read the Arch news about current updating issues before actually updating your Arch Linux.
Add the Arch news link in **~/.newsboat/urls** file:
```
$ https://www.archlinux.org/feeds/news/
```
Open your **~/.bashrc** file and add the following line:
```
alias update='newsboat -r && sudo pacman -Syu'
```
Replace update with any alias name of your choice.
Now, run the following command to update your Arch Linux system.
```
$ update
```
Whenever you run the above command, it will load the Arch news feed in your Terminal. You can simply read about current issues and then update the Arch Linux system.
For more details, refer the Newsboat help section using command:
```
$ newsboat -h
```
Also, refer the [**official documentation**][8] page for more detailed information.
And, thats all. Hope this helps. I will be soon here with another useful guide. If you find this article helpful, please take a moment to share it on your social, professional networks and support OSTechNix.
**Resources:**
* [**Newsboat website**][9]
* [**Newsboat GtiHub Repository**][10]
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/newsbeuter-command-line-rssatom-feed-reader-unix-like-systems/
作者:[sk][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.ostechnix.com/author/sk/
[b]: https://github.com/lujun9972
[1]: https://www.ostechnix.com/wp-content/uploads/2017/07/Newsboat-RSS-Atom-Feed-reader-720x340.png
[2]: https://www.ostechnix.com/getting-started-pacman/
[3]: https://www.ostechnix.com/introduction-ubuntus-snap-packages/
[4]: https://www.ostechnix.com/wp-content/uploads/2017/07/Newsboat.png
[5]: https://www.ostechnix.com/wp-content/uploads/2017/07/Load-new-feeds.png
[6]: https://www.ostechnix.com/wp-content/uploads/2017/07/Newboat1.png
[7]: https://www.ostechnix.com/wp-content/uploads/2017/07/Open-Rss-feed-entry.png
[8]: https://newsboat.org/releases/2.16.1/docs/newsboat.html
[9]: https://newsboat.org/
[10]: https://github.com/newsboat/newsboat

View File

@ -0,0 +1,134 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How To Delete A Repository And GPG Key In Ubuntu)
[#]: via: (https://www.ostechnix.com/how-to-delete-a-repository-and-gpg-key-in-ubuntu/)
[#]: author: (sk https://www.ostechnix.com/author/sk/)
How To Delete A Repository And GPG Key In Ubuntu
======
![Delete A Repository And GPG Key In Ubuntu][1]
The other day we discussed how to [**list the installed repositories**][2] in RPM and DEB-based systems. Today, we are going to learn how to delete a repository along with its GPG key in Ubuntu. For those wondering, a repository (shortly **repo** ) is a central place where the developers keep the software packages. The packages in the repositories are thoroughly tested and built specifically for each version by Ubuntu developers. The users can download and install these packages on their Ubuntu system using **Apt** **package manager**. Ubuntu has four official repositories namely **Main** , **Universe** , **Restricted** and **Multiverse**.
Apart from the official repositories, there are many unofficial repositories maintained by developers (or package maintainers). The unofficial repositories usually have the packages which are not available in the official repositories. All packages are signed with pair of keys, a public and private key, by the package maintainer. As you already know, the public key is given out to the users and the private must be kept secret. Whenever you add a new repository in the sources list, you should also add the repository key if Apt package manager wants to trust the newly added repository. Using the repository keys, you can ensure that youre getting the packages from the right person. Hope you got a basic idea about software repositories and repository keys. Now let us go ahead and see how to delete the repository and its key if it is no longer necessary in Ubuntu systems.
### Delete A Repository In Ubuntu
Whenever you add a repository using “add-apt-repository” command, it will be stored in **/etc/apt/sources.list** file.
To delete a software repository from Ubuntu and its derivatives, just open the /etc/apt/sources.list file and look for the repository entry and delete it.
```
$ sudo nano /etc/apt/sources.list
```
As you can see in the below screenshot, I have added [**Oracle Virtualbox**][3] repository in my Ubuntu system.
![][4]
virtualbox repository
To delete this repository, simply remove the entry. Save and close the file.
If you have added PPA repositories, look into **/etc/apt/sources.list.d/** directory and delete the respective entry.
Alternatively, you can delete the repository using “add-apt-repository” command. For example, I am deleting the [**Systemback**][5] repository like below.
```
$ sudo add-apt-repository -r ppa:nemh/systemback
```
Finally, update the software sources list using command:
```
$ sudo apt update
```
### Delete Repository keys
We use “apt-key” command to add the repository keys. First, let us list the added keys using command:
```
$ sudo apt-key list
```
This command will list all added repository keys.
```
/etc/apt/trusted.gpg
--------------------
pub rsa1024 2010-10-31 [SC]
3820 03C2 C8B7 B4AB 813E 915B 14E4 9429 73C6 2A1B
uid [ unknown] Launchpad PPA for Kendek
pub rsa4096 2016-04-22 [SC]
B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <[email protected]>
sub rsa4096 2016-04-22 [E]
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
790B C727 7767 219C 42C8 6F93 3B4F E6AC C0B2 1F32
uid [ unknown] Ubuntu Archive Automatic Signing Key (2012) <[email protected]>
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
uid [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub rsa4096 2018-09-17 [SC]
F6EC B376 2474 EDA9 D21B 7022 8719 20D1 991B C93C
uid [ unknown] Ubuntu Archive Automatic Signing Key (2018) <[email protected]>
```
As you can see in the above output, the long (40 characters) hex value is the repository key. If you want APT package manager to stop trusting the key, simply delete it using command:
```
$ sudo apt-key del "3820 03C2 C8B7 B4AB 813E 915B 14E4 9429 73C6 2A1B"
```
Or, specify the last 8 characters only:
```
$ sudo apt-key del 73C62A1B
```
Done! The repository key has been deleted. Run the following command to update the repository lists:
```
$ sudo apt update
```
**Resource:**
* [**Software repositories Ubuntu Community Wiki**][6]
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/how-to-delete-a-repository-and-gpg-key-in-ubuntu/
作者:[sk][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.ostechnix.com/author/sk/
[b]: https://github.com/lujun9972
[1]: https://www.ostechnix.com/wp-content/uploads/2019/07/Delete-a-repository-in-ubuntu-720x340.png
[2]: https://www.ostechnix.com/find-list-installed-repositories-commandline-linux/
[3]: https://www.ostechnix.com/install-oracle-virtualbox-ubuntu-16-04-headless-server/
[4]: https://www.ostechnix.com/wp-content/uploads/2019/07/virtualbox-repository.png
[5]: https://www.ostechnix.com/systemback-restore-ubuntu-desktop-and-server-to-previous-state/
[6]: https://help.ubuntu.com/community/Repositories/Ubuntu

View File

@ -0,0 +1,312 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Install NetData Performance Monitoring Tool On Linux)
[#]: via: (https://www.ostechnix.com/netdata-real-time-performance-monitoring-tool-linux/)
[#]: author: (sk https://www.ostechnix.com/author/sk/)
Install NetData Performance Monitoring Tool On Linux
======
![][1]
**NetData** is a distributed, real-time, performance and health monitoring tool for systems and applications. It provides unparalleled insights of everything happening on a system in real-time. You can view the results in a highly interactive web-dashboard. Using Netdata, you can get a clear idea of what is happening now, and what happened before in your systems and applications. You dont need to be an expert to deploy this tool in your Linux systems. NetData just works fine out of the box with zero configuration, and zero dependencies. Just install this utility and sit back, NetData will take care of the rest.
It has its own built-in webserver to display the result in graphical format. NetData is quite fast and efficient, and it will immediately start to analyze the performance of your system in no time after installing it. It is written using **C** programming language, so it is extremely light weight. It consumes less than 3% of a single core CPU usage and a 10-15MB of RAM. We can easily embed the charts on any existing web pages, and also it has a plugin API, so that you can monitor any application.
Here is the list of things that will be monitored by NetData utility in your Linux system.
* CPU usage,
* RAM Usage,
* Swap memory usage,
* Kernel memory usage,
* Hard disks and its usage,
* Network interfaces,
* IPtables,
* Netfilter,
* DDoS protection,
* Processes,
* Applications,
* NFS server,
* Web server (Apache & Nginx),
* Database servers (MySQL),
* DHCP server,
* DNS server,
* Email serve,r
* Proxy server,
* Tomcat,
* PHP,
* SNP devices,
* And many more.
NetData is free, open source tool and it supports Linux, FreeBSD and Mac OS.
### Install NetData On Linux
Netdata can be installed on any Linux distributions that have **Bash** installed.
The easiest way to install Netdata is to run the following one-liner command from the Terminal:
```
$ bash <(curl -Ss https://my-netdata.io/kickstart-static64.sh)
```
This will download and install everything needed to up and run Netdata.
Some users may not want to inject something directly into Bash without investigating it. If you dont like this method, you can follow the steps below to install it on your system.
**On Arch Linux:**
The latest version is available in the Arch Linux default repositories. So, we can install it with [**pacman**][2] using command:
```
$ sudo pacman -S netdata
```
**On DEB and RPM-based systems**
NetData is not available in the default repositories of DEB based (Ubuntu / Debian) or RPM based (RHEL / CentOS / Fedora) systems. We need to install NetData manually from its Git repository.
First install the required dependencies:
```
# Debian / Ubuntu
$ sudo apt-get install zlib1g-dev uuid-dev libuv1-dev liblz4-dev libjudy-dev libssl-dev libmnl-dev gcc make git autoconf autoconf-archive autogen automake pkg-config curl
# Fedora
$ sudo dnf install zlib-devel libuuid-devel libuv-devel lz4-devel Judy-devel openssl-devel libmnl-devel gcc make git autoconf autoconf-archive autogen automake pkgconfig curl findutils
# CentOS / Red Hat Enterprise Linux
$ sudo yum install epel-release
$ sudo yum install autoconf automake curl gcc git libmnl-devel libuuid-devel openssl-devel libuv-devel lz4-devel Judy-devel lm_sensors make MySQL-python nc pkgconfig python python-psycopg2 PyYAML zlib-devel
# openSUSE
$ sudo zypper install zlib-devel libuuid-devel libuv-devel liblz4-devel judy-devel openssl-devel libmnl-devel gcc make git autoconf autoconf-archive autogen automake pkgconfig curl findutils
```
After installing the required dependencies, install NetData on DEB or RPM based systems as shown below.
Git clone the NetData repository:
```
$ git clone https://github.com/netdata/netdata.git --depth=100
```
The above command will create a directory called **netdata** in the current working directory.
Change to the netdata directory:
```
$ cd netdata/
```
Finally, install and start NetData using command:
```
$ sudo ./netdata-installer.sh
```
**Sample output:**
```
Welcome to netdata!
Nice to see you are giving it a try!
You are about to build and install netdata to your system.
It will be installed at these locations:
- the daemon at /usr/sbin/netdata
- config files at /etc/netdata
- web files at /usr/share/netdata
- plugins at /usr/libexec/netdata
- cache files at /var/cache/netdata
- db files at /var/lib/netdata
- log files at /var/log/netdata
- pid file at /var/run
This installer allows you to change the installation path.
Press Control-C and run the same command with --help for help.
Press ENTER to build and install netdata to your system > ## Press ENTER key
```
After installing NetData, you will see the following output at the end:
```
-------------------------------------------------------------------------------
OK. NetData is installed and it is running (listening to *:19999).
-------------------------------------------------------------------------------
INFO: Command line options changed. -pidfile, -nd and -ch are deprecated.
If you use custom startup scripts, please run netdata -h to see the
corresponding options and update your scripts.
Hit http://localhost:19999/ from your browser.
To stop netdata, just kill it, with:
killall netdata
To start it, just run it:
/usr/sbin/netdata
Enjoy!
Uninstall script generated: ./netdata-uninstaller.sh
```
![][3]
Install NetData
NetData has been installed and started.
To install Netdata on other Linux distributions, refer the [**official installation instructions page**][4].
##### Allow NetData default port via Firewall or Router
If your system stays behind any firewall or router, you must allow the default port **19999** to access the NetData web interface from any remote systems on the network,.
**On Ubuntu / Debian:**
```
$ sudo ufw allow 19999
```
**On CentOS / RHEL / Fedora:**
```
$ sudo firewall-cmd --permanent --add-port=19999/tcp
$ sudo firewall-cmd --reload
```
### Starting / Stopping NetData
To enable and start Netdata service on systems that use **Systemd** , run:
```
$ sudo systemctl enable netdata
$ sudo systemctl start netdata
```
To stop:
```
$ sudo systemctl stop netdata
```
To enable and start Netdata service on systems that use **Init** , run:
```
$ sudo service netdata start
$ sudo chkconfig netdata on
```
To stop it:
```
$ sudo service netdata stop
```
### Access NetData via Web browser
Open your web browser, and navigate to **<http://127.0.0.1:19999>** or **<http://localhost:19999/>** or **<http://ip-address:19999>**. You should see a screen something like below.
![][5]
Netdata dashboard
From the dashboard, you will find the complete statistics of your Linux system. Scroll down to view each section.
You can download and/or view NetData default configuration file at any time by simply navigating to **<http://localhost:19999/netdata.conf>**.
![][6]
Netdata configuration file
### Updating NetData
In Arch Linux, just run the following command to update NetData. If the updated version is available in the repository, it will be automatically installed.
```
$ sudo pacman -Syyu
```
In DEB or RPM based systems, just go to the directory where you have cloned it (In our case its netdata).
```
$ cd netdata
```
Pull the latest update:
```
$ git pull
```
Then, rebuild and update it using command:
```
$ sudo ./netdata-installer.sh
```
### Uninstalling NetData
Go to the location where you have cloned NetData.
```
$ cd netdata
```
Then, uninstall it using command:
```
$ sudo ./netdata-uninstaller.sh --force
```
In Arch Linux, the following command will uninstall it.
```
$ sudo pacman -Rns netdata
```
**Resources:**
* [**NetData website**][7]
* [**NetData GitHub page**][8]
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/netdata-real-time-performance-monitoring-tool-linux/
作者:[sk][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.ostechnix.com/author/sk/
[b]: https://github.com/lujun9972
[1]: https://www.ostechnix.com/wp-content/uploads/2016/06/Install-netdata-720x340.png
[2]: https://www.ostechnix.com/getting-started-pacman/
[3]: https://www.ostechnix.com/wp-content/uploads/2016/06/Deepin-Terminal_002-6.png
[4]: https://docs.netdata.cloud/packaging/installer/
[5]: https://www.ostechnix.com/wp-content/uploads/2016/06/Netdata-dashboard.png
[6]: https://www.ostechnix.com/wp-content/uploads/2016/06/Netdata-config-file.png
[7]: http://netdata.firehol.org/
[8]: https://github.com/firehol/netdata

View File

@ -1,102 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Say WHAAAT? Mozilla has Been Nominated for the “Internet Villain” Award in the UK)
[#]: via: (https://itsfoss.com/mozilla-internet-villain/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
Say WHAAAT? Mozilla has Been Nominated for the “Internet Villain” Award in the UK
======
Mozilla Firefox is one of the most popular browsers available out there. A lot of users prefer it over Chrome just because it encourages privacy protection and features options to keep your Internet activity as private as possible.
But, one of the recently proposed features **[DoH (DNS-over-HTTPS)][1]** which is still in the testing phase didnt receive a good response from the UKs ISPs trade association.
So, the ISPA (Internet Services Providers Association) of UK decided to [nominate][2] Mozilla as one of the “Internet Villains” among the nominees for 2019. This is for an award ceremony to be held on 11th July in London by the ISP trade association of the UK.
![][3]
### Why “Mozilla” is the “Internet Villain” here?
In their announcement, the ISPA mentioned that Mozilla is one of the Internet Villains for supporting **DoH** (DNS-over-HTTPS).
> [@mozilla][4] is nominated for the [#ISPAs][5] [#InternetVillain][6] for their proposed approach to introduce DNS-over-HTTPS in such a way as to bypass UK filtering obligations and parental controls, undermining [#internet][7] safety standards in the UK. <https://t.co/d9NaiaJYnk> [pic.twitter.com/WeZhLq2uvi][8]
>
> — Internet Services Providers Association (ISPAUK) (@ISPAUK) [July 4, 2019][9]
Along with Mozilla, Article 13 Copyright Directive and President Donald Trump also appear in the list. Heres how ISPA explained in their announcement:
_**Mozilla**_ _ for their proposed approach to introduce DNS-over-HTTPS in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK_.
**_Article_ _13 Copyright Directive_** _ for threatening freedom of expression online by requiring content recognition technologies across platforms_
_**President Donald Trump**_ _ for causing a huge amount of uncertainty across the complex, global telecommunications supply chain in the course of trying to protect national security_
### What is DNS-over-HTTPS?
DoH basically means that your DNS requests will be encrypted over an HTTPS connection.
Traditionally, the DNS requests are unencrypted and your DNS provider or the ISP can monitor/control your browsing activity. Without DoH, you can easily enforce blocking/content filtering through your DNS provider or the ISP can do that when they want.
[][10]
Suggested read  Firefox: The Internet's Knight in Shining Armor
However, DoH completely takes that out of the equation and hence, you get a private browsing experience.
You can explore [how Mozilla implements this partnering with Cloudflare][11] and set it up for yourself if you want.
### Is DoH helpful?
Yes and no.
Of course, on one side of the coin, it lets user bypass any content filters enforced by the DNS or the ISPs. So, it is a good thing that we want to put a stop to Internet censorship and DoH helps us with that.
But, on the other side, if you are a parent, you can no longer [set content filters][12] if your kid utilizes DoH on Mozilla Firefox. It depends on how good/bad the [firewall is configured][13].
But potentially DoH is a solution for some to bypass parental controls, which could be a bad thing.
Correct me if Im wrong here in the comments below.
Also, using DoH means that you can no longer use the local host file (in case you are using it for ad blocking or something else)
### Wrapping Up
What do you think about DoH in general? Is it good enough?
And, whats your take on ISPAs decision? Do you think that they are encouraging Internet censorship and government monitoring on netizens with this kind of announcement?
Personally, I find it hilarious. Even if DoH isnt the ultimate feature that everyone wants, it is always good to have an option to protect your privacy in some way.
Let us know your thoughts in the comments below. Meanwhile, Ill just put this quote here:
> In a time of universal deceit, telling the truth is a revolutionary act
--------------------------------------------------------------------------------
via: https://itsfoss.com/mozilla-internet-villain/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://en.wikipedia.org/wiki/DNS_over_HTTPS
[2]: https://www.ispa.org.uk/ispa-announces-finalists-for-2019-internet-heroes-and-villains-trump-and-mozilla-lead-the-way-as-villain-nominees/
[3]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/07/mozilla-internet-villain.jpg?resize=800%2C450&ssl=1
[4]: https://twitter.com/mozilla?ref_src=twsrc%5Etfw
[5]: https://twitter.com/hashtag/ISPAs?src=hash&ref_src=twsrc%5Etfw
[6]: https://twitter.com/hashtag/InternetVillain?src=hash&ref_src=twsrc%5Etfw
[7]: https://twitter.com/hashtag/internet?src=hash&ref_src=twsrc%5Etfw
[8]: https://t.co/WeZhLq2uvi
[9]: https://twitter.com/ISPAUK/status/1146725374455373824?ref_src=twsrc%5Etfw
[10]: https://itsfoss.com/why-firefox/
[11]: https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/
[12]: https://itsfoss.com/how-to-block-porn-by-content-filtering-on-ubuntu/
[13]: https://itsfoss.com/set-up-firewall-gufw/

View File

@ -0,0 +1,446 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Youtube-dl Tutorial With Examples For Beginners)
[#]: via: (https://www.ostechnix.com/youtube-dl-tutorial-with-examples-for-beginners/)
[#]: author: (sk https://www.ostechnix.com/author/sk/)
Youtube-dl Tutorial With Examples For Beginners
======
![Youtube-dl Tutorial With Examples For Beginners][1]
There are numerous applications available to Download Youtube videos. We have covered such applications, namely [**ClipGrab**][2], and [**Mps-youtube**][3] etc., in the past. Today, we are going to learn about yet another Youtube downloader called **Youtube-dl**. Like Mps-youtube, Youtube-dl is also a command line program to download videos from Youtube and a lot of other websites listed [**here**][4]. Youtube-dl can be able to download a single track or entire playlist in one go. It is a free and open source command line program written in **Python**. It supports GNU/Linux, Mac OS X and Microsoft Windows.
### Installing Youtube-dl
The easiest and officially recommended way to install Youtube-dl is just download it, save it in your PATH, make it executable and start using it right away.
```
$ sudo curl -L https://yt-dl.org/downloads/latest/youtube-dl -o /usr/local/bin/youtube-dl
```
If you dont have curl, use **wget** instead:
```
$ sudo wget https://yt-dl.org/downloads/latest/youtube-dl -O /usr/local/bin/youtube-dl
$ sudo chmod a+rx /usr/local/bin/youtube-dl
```
Alternatively, you can install it using [**Pip**][5] as shown below.
```
$ sudo -H pip install --upgrade youtube-dl
```
Youtube-dl is also available in the official repositories of some Linux distributions. For example, you can install it in Arch Linux using command:
```
$ sudo pacman -S youtube-dl
```
On Debian, Ubuntu, Linux mint:
```
$ sudo apt install youtube-dl
```
On Fedora:
```
$ sudo dnf install youtube-dl
```
FFmpeg is also required to download 720p videos from YouTube and convert videos to other formats. To install FFmpeg, refer the following guide.
* [**How to install FFmpeg on Linux**][6]
### Update Youtube-dl
If youve manually installed Youtube-dl using curl or wget, run the following command to update it:
```
$ sudo youtube-dl -U
```
If you installed it using pip, do:
```
$ sudo pip install -U youtube-dl
```
Those who installed Youtube-dl using the distributions package manager, just use the appropriate update command. For example, on Arch Linux, you can update Youtube-dl by simply running the following command:
```
$ sudo pacman -Syu
```
On Debian, Ubuntu:
```
$ sudo apt update
```
Now, let us see some examples to learn to use Youtube-dl.
### Youtube-dl Tutorial With Examples
Here, I have compiled most commonly used Youtube-dl commands to download a video or playlist from youtube.
####### **1\. Download video or playlist**
To download a video or the entire playlist from Youtube, just mention the URL like below:
```
$ youtube-dl https://www.youtube.com/watch?v=7E-cwdnsiow
```
If you want to download video or playlist with a custom name of your choice, the command would be:
```
$ youtube-dl -o 'abdul kalam inspirational speech' https://www.youtube.com/watch?v=7E-cwdnsiow
```
Replace “abdul kalam inspirational speech” with your own name.
You can also include additional details, such as the title, the uploader name (channel name) and upload date etc., in the file name by using the following command:
```
$ youtube-dl -o '%(title)s by %(uploader)s on %(upload_date)s in %(playlist)s.%(ext)s' https://www.youtube.com/watch?v=7E-cwdnsiow
```
####### **2\. Download multiple videos**
Sometimes, you might want to download multiple videos from or any other site. If so, just mention the URL of the videos with space-separated like below:
```
$ youtube-dl <url1> <url2>
```
Alternatively, you can put them all in a text file and pass it to Youtube-dl as an argument like below.
```
$ youtube-dl -a url.txt
```
This command will download all videos mentioned in the url.txt file.
####### **3\. Download audio-only from a video**
Youtube-dl allows us to download audio only from a Youtube video. If you ever been in a situation to download only the audio, run:
```
$ youtube-dl -x https://www.youtube.com/watch?v=7E-cwdnsiow
```
By default, Youtube-dl will save the audio in **Ogg** (opus) format.
If you prefer to download any other formats, for example **mp3** , run:
```
$ youtube-dl -x --audio-format mp3 https://www.youtube.com/watch?v=7E-cwdnsiow
```
This command will download the audio from the given video/playlist, convert it to an MP3 and save it in the current directory. Please note that you should install either [**ffmpeg**][7] or **avconv** to convert the file to mp3 format.
####### **4\. Download video with description, metadata, annotations, subtitles and thumbnail**
To download a video along with its other details such as description, metadata, annotations, subtitles, and thumbnail etc., use the following command:
```
$ youtube-dl --write-description --write-info-json --write-annotations --write-sub --write-thumbnail https://www.youtube.com/watch?v=7E-cwdnsiow
```
####### **5\. List all available formats of video or playlist**
To list all available formats that a video or playlist is available in, use the following command:
```
$ youtube-dl --list-formats https://www.youtube.com/watch?v=7E-cwdnsiow
```
Or
```
$ youtube-dl -F https://www.youtube.com/watch?v=7E-cwdnsiow
```
Sample output:
![][8]
List all available formats of a youtube video using youtube-dl
As you can see in the above screenshot, Youtube-dl lists all available formats of the given video. From left to right, it displays the video format code, extension and resolution note of the respective video. This can be helpful when you want to download a video at a specific quality or format.
####### **6\. Download videos in certain quality and/or format**
By default, Youtube-dl will download the best available quality video. However, it is also possible to download a video or playlist at a specific quality or format.
Youtube is capable of downloading videos in the following qualities:
* **best** Select the best quality format of the given file with video and audio.
* **worst** Select the worst quality format (both video and audio).
* **bestvideo** Select the best quality video-only format (e.g. DASH video). Please note that it may not be available.
* **worstvideo** Select the worst quality video-only format. May not be available.
* **bestaudio** Select the best quality audio only-format. May not be available.
* **worstaudio** Select the worst quality audio only-format. May not be available.
For example, if you want to download **best quality** format (both audio and video), just use the following command:
```
$ youtube-dl -f best https://www.youtube.com/watch?v=7E-cwdnsiow
```
Similarly, to download audio-only with best quality:
```
$ youtube-dl -f bestaudio https://www.youtube.com/watch?v=7E-cwdnsiow
```
To download worst quality video-only format, use the following command:
```
$ youtube-dl -f worstvideo https://www.youtube.com/watch?v=7E-cwdnsiow
```
You also combine different format options like below.
```
$ youtube-dl -f bestvideo+bestaudio https://www.youtube.com/watch?v=7E-cwdnsiow
```
The above command will download best quality video-only and best quality audio-only formats and merge them together with ffmpeg or avconv. Make sure you have installed any one of these tools on your system.
If you dont want to merge, replace **+** (plus) operator with **,** (comma) like below:
```
$ youtube-dl -f 'bestvideo,bestaudio' https://www.youtube.com/watch?v=7E-cwdnsiow -o '%(title)s.f%(format_id)s.%(ext)s'
```
This command will download best quality video and best quality audio and **will not mix them**. In this case, you will get two files, one is audio and another is video. In this example, an output template ( **-o** option) is recommended as bestvideo and bestaudio may have the same file name.
We can even download a video or playlist at a specific quality with **specific resolution**.
For instance, the following command will download the **best quality** video in **480 pixel resolution** (less than or equal to 480p).
```
$ youtube-dl -f "best[height<=480]" https://www.youtube.com/watch?v=7E-cwdnsiow
```
Like already said, we can group the format selectors to get a specific quality video. The following command will download best format available(both audio and video) but **no better than 480p**.
```
$ youtube-dl -f 'bestvideo[height<=480]+bestaudio/best[height<=480]' https://www.youtube.com/watch?v=7E-cwdnsiow
```
####### **7. Download videos using format code
**
All videos have format codes which we can use to download a video at specific quality. To find the format code, just list the available formats using any one of the following commands:
```
$ youtube-dl --list-formats https://www.youtube.com/watch?v=7E-cwdnsiow
```
Or
```
$ youtube-dl -F https://www.youtube.com/watch?v=7E-cwdnsiow
```
![][9]
As you can see in the above screenshot, all format codes of the given video are listed in the first column. The best quality format is given at the end (the format code is **22** ). So, the command to download best quality format is:
```
$ youtube-dl -f 22 https://www.youtube.com/watch?v=7E-cwdnsiow
```
Some videos may not have the same formats available while you download videos from playlist. In such cases, you can specify multiple format codes in any preferred order of your choice. Take a look at the following example:
```
$ youtube-dl -f 22/17/18 <playlist_url>
```
As per the above example, Youtube-dl will download the videos in format 22 if it is available. If the format 22 is not available, it will then download format 17 if it is available. If both 22 and 17 formats are not available, it will finally try to download format 18. If none of the specified formats are available, Youtube-dl will complain that no suitable formats are available for download.
Please note that that slash is left-associative, i.e. formats on the left hand side are preferred.
####### **8. Download videos by file extension
**
Download video(s) in your preferred format, say for example MP4, just run:
```
$ youtube-dl --format mp4 https://www.youtube.com/watch?v=7E-cwdnsiow
```
Or,
```
$ youtube-dl -f mp4 https://www.youtube.com/watch?v=7E-cwdnsiow
```
Like I already mentioned in the previous section, some videos may not available in your preferred formats. In such cases, Youtube-dl will download any other best available formats. For instance, this command will download best quality MP4 format file. If MP4 format is not available, then it will download any other best available format.
```
$ youtube-dl -f 'bestvideo[ext=mp4]+bestaudio[ext=m4a]/best[ext=mp4]/best' https://www.youtube.com/watch?v=7E-cwdnsiow
```
If you want to download them with custom filename, do:
```
$ youtube-dl -f mp4 -o '%(title)s.f%(format_id)s.%(ext)s' https://www.youtube.com/watch?v=7E-cwdnsiow
```
####### **9. Set size limit for videos
**
When you download multiple videos from a playlist, you might want to download videos within a certain size only.
For example, this command will not download any videos smaller than the given size, say **100MB** :
```
$ youtube-dl --min-filesize 100M <playlist_url>
```
If you dont want to download videos larger than the given size, do:
```
$ youtube-dl --max-filesize 100M <playlist_url>
```
We can also combine format selection operators to download certain size videos.
The following command will download best video-only format but **not bigger than 100 MB**.
```
$ youtube-dl -f 'best[filesize<100M]' https://www.youtube.com/watch?v=7E-cwdnsiow
```
####### **10. Download videos by date-wise
**
Youtube-dl allows us to filter and download video or playlist by their upload date. This will be very helpful when you want to download videos from a playlist that contains 100s of videos.
For instance, to download videos uploaded at an exact date, for example October 01, 2018, the command would be:
```
$ youtube-dl --date 20181001 <URL>
```
Download videos uploaded on or before a specific date:
```
$ youtube-dl --datebefore 20180101 <URL>
```
Download videos uploaded on or after a specific date:
```
$ youtube-dl --dateafter 20180101 <URL>
```
Download only the videos uploaded in the last 6 months:
```
$ youtube-dl --dateafter now-6months <URL>
```
To download videos between a specific date, for example January 01, 2018 to January 01, 2019, use the following command:
```
$ youtube-dl --dateafter 20180101 --datebefore 20190101 <URL>
```
####### **11. Download specific videos from playlist
**
This is yet another useful feature of Youtube-dl. It allows us to download a specific song(s) from a playlist that contains 100s of songs.
For example, to download the 10th file from a playlist, run:
```
$ youtube-dl --playlist-items 10 <playlist_url>
```
Similarly, to download multiple random files, just specify indices of the videos in the playlist separated by commas like below::
```
$ youtube-dl --playlist-items 2,3,7,10 <playlist_url>
```
You can also specify the range of songs. To download a video playlist starting from a certain video, say 10, to end:
```
$ youtube-dl --playlist-start 10 <playlist_url>
```
To download only the files starting from 2nd to 5th in a playlist, use:
```
$ youtube-dl --playlist-start 2 --playlist-end 5 <playlist_url>
```
####### 12\. Download only videos suitable for specific age
This is another notable feature of Youtube-dl. It allows us to download only videos suitable for the given age.
Say for example, to download all “Lets Play” videos that arent marked “NSFW” or age-restricted for 7 year-olds from a playlist, run:
```
$ youtube-dl --match-title "let's play" --age-limit 7 --reject-title "nsfw" <playlist_url>
```
Youtube-dl has a lot more options. I guess these 12 examples are just enough to use Youtube-dl to download videos from online. For more details, refer Youtube-dl help section.
```
$ youtube-dl --help
```
**Resources:**
* [**Youtube-dl website**][10]
* [**Youtube-dl GitHub Repository**][11]
* [**https://jonlabelle.com/snippets/view/shell/youtube-dl-command**][12]
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/youtube-dl-tutorial-with-examples-for-beginners/
作者:[sk][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.ostechnix.com/author/sk/
[b]: https://github.com/lujun9972
[1]: https://www.ostechnix.com/wp-content/uploads/2019/06/youtube-dl-720x340.png
[2]: https://www.ostechnix.com/clipgrab-youtube-downloader-converter/
[3]: https://www.ostechnix.com/mps-youtube-commandline-youtube-player-downloader/
[4]: https://ytdl-org.github.io/youtube-dl/supportedsites.html
[5]: https://www.ostechnix.com/manage-python-packages-using-pip/
[6]: https://www.ostechnix.com/install-ffmpeg-linux/
[7]: https://www.ostechnix.com/20-ffmpeg-commands-beginners/
[8]: https://www.ostechnix.com/wp-content/uploads/2019/06/List-all-available-formats-youtube-dl.png
[9]: https://www.ostechnix.com/wp-content/uploads/2019/06/List-all-available-formats-youtube-dl-1.png
[10]: https://ytdl-org.github.io/youtube-dl/index.html
[11]: https://github.com/ytdl-org/youtube-dl
[12]: https://jonlabelle.com/snippets/view/shell/youtube-dl-command

View File

@ -1,216 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to use Tig to browse Git logs)
[#]: via: (https://opensource.com/article/19/6/what-tig)
[#]: author: (Olaf Alders https://opensource.com/users/oalders/users/mbbroberg/users/marcobravo)
如何使用 Tig 浏览 Git 日志
======
Tig不仅仅是 Git 的文本界面。以下是它如何增强你的日常工作流程。
![A person programming][1]
如果你使用 Git 作为你的版本控制系统,你可能已经让自己接受 Git 是一个复杂的野兽。它是一个很棒的工具,但在 Git 仓库查找可能很麻烦。因此像 [Tig][2] 这样的工具出现了。
来自 [Tig 手册页][3]
> Tig 是 git(1) 的基于 ncurses 的文本界面。它主要用作 Git 仓库浏览器,但也有助于在块级别暂存提交更改,并显示各种 Git 命令的输出。
这基本上意味着 Tig 提供了一个可以在终端中运行的基于文本的用户界面。Tig 可以让你轻松浏览你的 Git 日志,但它可以做的远不止让你从最后的提交跳到前一个提交。
![Tig screenshot][4]
这篇快速入门的 Tig 中的许多例子都是直接从其出色的手册页中拿出来的。我强烈建议你阅读它以了解更多信息。
### 安装 Tig
* Fedora 和 RHEL **sudo dnf install tig**
* Ubuntu 和 Debian **sudo apt install tig**
* MacOS:**brew install tig**
有关更多选项,请参阅官方[安装说明][5]。
### 浏览当前分支中的提交
如果要浏览分支中的最新提交,请输入:
```
`tig`
```
这是这样。这个三字符命令将启动一个浏览器,你可以在其中导航当前分支中的提交。你可以将其视为 **git log** 的封装器。
要浏览输出,可以使用向上和向下箭头键从一个提交移动到另一个提交。按回车键将会垂直分割窗口,右侧包含所选提交的内容。你可以继续在左侧的提交历史记录中上下浏览,你的更改将显示在右侧。使用 **k****j** 逐行上下浏览,**-** 和空格键在右侧上下翻页。使用 **q** 退出右侧窗格。
搜索 **tig** 输出也很简单。使用 **/** 向前搜索,使用 **?** 在左右窗格中向后搜索。
![Searching Tig][6]
这足以让你开始浏览你的提交。这里有很多的键绑定,但单击 **h** 将显示“帮助”菜单,你可以在其中发现其导航和命令选项。你还可以使用 **/** 和 **?** 来搜索“帮助”菜单。使用 **q** 退出帮助。
![Tig Help][7]
### 浏览单个文件的修改
由于 Tig 是 **git log** 的封装器,它可以方便地接受可以传递给 **git log** 的相同参数。例如,要浏览单个文件的提交历史记录,请输入:
```
`tig README.md`
```
将其与被封装的 Git 命令的输出进行比较,以便更清楚地了解 Tig 如何增强输出。
```
`git log README.md`
```
要在原始 Git 输出中包含补丁,你可以添加 **-p** 选项:
```
`git log -p README.md`
```
如果要将提交范围缩小到特定日期范围,请尝试以下操作:
```
`tig --after="2017-01-01" --before="2018-05-16" -- README.md`
```
再一次,你可以将其与原始的 Git 版本进行比较:
```
`git log --after="2017-01-01" --before="2018-05-16" -- README.md`
```
### 浏览谁更改了文件
有时你想知道谁对文件进行了更改以及原因。命令:
```
`tig blame README.md`
```
本质上是 **git blame** 的封装。正如你 所期望的那样,它允许你查看谁是编辑指定行的最后一人,它还允许你查看到引入该行的提交。这有点像 vim 的 **vim-fugitive**插件提供的**:Gblame**命令。
### 浏览你的暂存
如果你像我一样,你可能会在你的暂存处有许多编辑。你很容易忘记它们。你可以通过以下方式查看暂存处中的最新项目:
```
`git stash show -p stash@{0}`
```
你可以通过以下方式找到第二个最新项目:
```
`git stash show -p stash@{1}`
```
以此类推。如果你在需要它们时调用这些命令,那么你会有比我更清晰的内存。
与上面的 Git 命令一样Tig 可以通过简单的调用轻松增强你的 Git 输出:
```
`tig stash`
```
尝试在有暂存的仓库中执行此命令。你将能够浏览_并搜索_你的暂存项快速浏览你的那些修改。
### 浏览你的引用
git ref 是你提交的东西的哈希值。这包括文件和分支。使用 **tig refs** 命令可以浏览所有引用并深入查看特定提交。
```
`tig refs`
```
完成后,使用 **q** 回到前面的菜单。
### 浏览 git 状态
如果要查看哪些文件已被暂存,哪些文件未被跟踪,请使用 **tig status**,它是 **git status** 的封装。
![Tig status][8]
### 浏览 git grep
你可以使用 **grep** 命令在文本文件中搜索表达式。命令 **tig grep** 允许你导览 **git grep** 的输出。例如:
```
`tig grep -i foo lib/Bar`
```
它会导览 **lib/Bar** 目录中以大小写敏感的方式搜索 **foo** 的输出。
### 通过标准输入管道输出给 Tig
如果要将提交 ID 列表传递给 Tig那么必须使用 **\--stdin** 标志,以便 **tig show** 从标准输入读取。否则,**tig show** 会在没有输入的情况下启动(出现空白屏幕)。
```
`git rev-list --author=olaf HEAD | tig show --stdin`
```
### 添加自定义绑定
你可以使用 [rc][9] 文件自定义 Tig。以下是如何根据自己的喜好添加一些有用的自定义键绑定的示例。
在主目录中创建一个名为 **.tigrc** 的文件。在你喜欢的编辑器中打开 **~/.tigrc** 并添加:
```
# Apply the selected stash
bind stash a !?git stash apply %(stash)
# Drop the selected stash item
bind stash x !?git stash drop %(stash)
```
如上所述,运行 **tig stash** 以浏览你的暂存。但是,通过这些绑定,你可以按 **a**将暂存中的项目应用到仓库,并按 **x** 从暂存中删除项目。请记住你要在浏览暂存_列表_时才能执行这些命令。如果你正在浏览暂存_项_请输入 **q** 退出该视图,然后按 **a****x** 以获得所需效果。
有关更多信息,你可以阅读有关 [Tig 键绑定][10]。
### 总结
我希望这有助于演示 Tig 如何增强你的日常工作流程。Tig 可以做更强大的事情(比如暂存代码行),但这超出了这篇介绍性文章的范围。这里有足够的让你危险的信息,但还有更多值得探索的地方。
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/6/what-tig
作者:[Olaf Alders][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/oalders/users/mbbroberg/users/marcobravo
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/computer_keyboard_laptop_development_code_woman.png?itok=vbYz6jjb (A person programming)
[2]: https://jonas.github.io/tig/
[3]: http://manpages.ubuntu.com/manpages/bionic/man1/tig.1.html
[4]: https://opensource.com/sites/default/files/uploads/tig.jpg (Tig screenshot)
[5]: https://jonas.github.io/tig/INSTALL.html
[6]: https://opensource.com/sites/default/files/uploads/tig-search.png (Searching Tig)
[7]: https://opensource.com/sites/default/files/uploads/tig-help.png (Tig Help)
[8]: https://opensource.com/sites/default/files/uploads/tig-status.png (Tig status)
[9]: https://en.wikipedia.org/wiki/Run_commands
[10]: https://github.com/jonas/tig/wiki/Bindings

View File

@ -0,0 +1,261 @@
[#]: collector: (lujun9972)
[#]: translator: (chen-ni)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Make Linux stronger with firewalls)
[#]: via: (https://opensource.com/article/19/7/make-linux-stronger-firewalls)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
使用防火墙让你的 Linux 更加强大
======
掌握防火墙的工作原理,以及如何设置防火墙来提高 Linux 的安全性
![People working together to build ][1]
所有人都听说过防火墙(哪怕仅仅是在网络犯罪片里看到过相关的情节设定),很多人也知道他们的计算机里很可能正运行着防火墙,但是很少有人明白在必要的时候如何驾驭防火墙。
防火墙被用来拦截那些不请自来的网络流量,然而不同网络需要的安全级别也不尽相同。比如说,和在外面一家咖啡馆里使用公共 WiFi 相比,你在家里的时候可以更加信任网络里的其它计算机和设备。你或许希望计算机能够区分可以信任和不可信任的网络,不过最好还是应该学会自己去管理(或者至少是核实)你的安全设置。
### 防火墙的工作原理
网络里不同设备之间的通信是通过一种叫做 **端口** 的网关实现的。这里的端口指的并不是像 USB 端口 或者 HDMI 端口这样的物理连接。在网络术语中,端口是一个纯粹的虚拟概念,用来表示某种类型的数据到达或离开一台计算机时候所走的路径。其实也可以换个名字来称呼,比如叫“连接”或者“门道”,不过 [早在 1981 年的时候][2] 它们就被称作端口了,这个叫法也沿用至今。其实端口这个东西没有任何特别之处,只是一种用来指代一个可能会发生数据传输的地址的方式。
1972 年,一份 [端口数字清单][3](那时候的端口被称为“套接字”)被发布了,并且从此演化为一组众所周知的标准端口号,帮助管理特定类型的网络流量。比如说,你每天访问网站的时候都会使用 80 和 443 端口,因为互联网上的绝大多数人都同意(或者是默认)数据从 web 服务器上传输的时候是通过这两个端口的。如果想要验证这一点,你可以在使用浏览器访问网站的时候在 URL 后面加上一个非标准的端口号码。比如说,访问 **example.com:42** 的请求会被拒绝,因为 example.com 在 42 端口上并不提供网站服务。
![Navigating to a nonstandard port produces an error][4]
如果你是通过 80 端口访问同一个网站,就可以(不出所料地)正常访问了。你可以在 URL 后面加上 **:80** 来指定使用 80 端口,不过由于 80 端口是 HTTP 访问的标准端口,所以你的浏览器其实已经默认在使用 80 端口了。
当一台计算机(比如说 web 服务器)准备在指定端口接收网络流量的时候,保持该端口向网络流量开放是一种可以接受的(也是必要的)行为。但是不需要接收流量的端口如果也处在开放状态就比较危险了,这就是需要用防火墙解决的问题。
#### 安装 firewalld
有很多种配置防火墙的方式,这篇文章介绍 [**firewalld**][5]。在桌面环境下它被集成在网络管理器Network Manager在终端里则是集成在 **firewall-cmd** 里。很多 Linux 发行版都预装了这些工具。如果你的发行版里没有,你可以把这篇文章当成是管理防火墙的通用性建议,在你所使用的防火墙软件里使用类似的方法,或者你也可以选择安装 **firewalld**
比如说在 Ubuntu 上,你必须启用 **universe** 软件仓库,关闭默认的 **ufw** 防火墙,然后再安装 **firewalld**
```
$ sudo systemctl disable ufw
$ sudo add-apt-repository universe
$ sudo apt install firewalld
```
Fedora、CentOS、RHEL、OpenSUSE以及其它很多发行版默认就包含了 **firewalld**
无论你使用哪个发行版,如果希望防火墙发挥作用,就必须保持它在开启状态,并且设置成开机自动加载。你应该尽可能减少在防火墙维护工作上所花费的精力。
```
`$ sudo systemctl enable --now firewalld`
```
### 使用网络管理器选择区域
或许你每天都会连接到很多不同的网络。在工作的时候使用的是一个网络,在咖啡馆里是另一个,在家里又是另一个。你的计算机可以判断出哪一个网络的使用频率比较高,但是它并不知道哪一个是你信任的网络。
一个防火墙的 **区域** 里包含了端口开放和关闭的预设规则。你可以通过使用区域来选择一个对当前网络最适用的策略。
你可以打开网络管理器里的连接编辑器(可以在应用菜单里找到),或者是使用 **nm-connection-editor &amp;** 命令以获取所有可用区域的列表。
![Network Manager Connection Editor][6]
在网络连接列表中,双击你现在所使用的网络。
在出现的网络配置窗口中,点击“通用”标签页。
在“通用”面板中,点击“防火墙区域”旁边的下拉菜单以获取所有可用区域的列表。
![Firewall zones][7]
也可以使用下面的终端命令以获取同样的列表:
```
`$ sudo firewall-cmd --get-zones`
```
每个区域的名称已经可以透露出设计者创建这个区域的意图,不过你也可以使用下面这个终端命令获取任何一个区域的详细信息:
```
$ sudo firewall-cmd --zone work --list-all
work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  [...]
```
在这个例子中,**工作**区域的配置是允许接收 SSH 和 DHCPv6-client 的流量,但是拒绝接收其他任何用户没有明确请求的流量。(换句话说,**工作**区域并不会在你浏览网站的时候拦截 HTTP 响应流量,但是 **会** 拦截一个针对你计算机上 80 端口的 HTTP 请求。)
你可以依次查看每一个区域,弄清楚它们分别都允许什么样的流量。比较常见的有:
* **工作:** 这个区域应该在你非常信任的网络上使用。它允许 SSH、DHCPv6 和 mDNS并且还可以添加更多允许的项目。该区域非常适合作为一个基础配置然后在此之上根据日常办公的需求自定义一个工作环境。
* **公共:** 用在你不信任的网络上。这个区域的配置和工作区域是一样的,但是你不应该再继续添加其它任何允许项目。
* **丢弃:** 所有传入连接都会被丢弃,并且不会有任何响应。在不彻底关闭网络的条件下,这已经是最接近隐形模式的配置了,因为只允许传出网络连接(不过随便一个端口扫描器就可以通过传出流量检测到你的计算机,所以这个区域并不是一个隐形装置)。如果你在使用公共 WiFi这个区域可以说是最安全的选择如果你觉得当前的网络比较危险这个区域也一定是最好的选择。
* **拦截:** 所有传入连接都会被拒绝,但是会返回一个消息说明所请求的端口被禁用了。只有你主动发起的网络连接是被允许的。这是一个友好版的 **丢弃** 区域,因为虽然还是没有任何一个端口允许传入流量,但是说明了会拒绝接收任何不是本机主动发起的连接。
* **家庭:** 在你信任网络里的其它计算机的情况下使用这个区域。该区域只会允许你所选择的传入连接,但是你可以根据需求添加更多的允许项目。
* **内部:** 和工作区域类似,该区域适用于内部网络,你应该在基本信任网络里的计算机的情况下使用。你可以根据需求开放更多的端口和服务,同时保持和工作区域不同的一套规则。
* **信任:** 接受所有的网络连接。适合在故障排除的情况下或者是在你绝对信任的网络上使用。
### 为网络指定一个区域
你可以为你的任何一个网络连接都指定一个区域并且对于同一个网络的不同连接方式比如以太网、WiFi 等等)也可以指定不同的区域。
选择你想要的区域,点击“保存”按钮提交修改。
![Setting a new zone][8]
养成为网络连接指定区域的习惯的最好办法是从你最常用的网络开始。为你的家庭网络指定家庭区域,为工作网络指定工作区域,为你最喜欢的图书馆或者咖啡馆的网络指定公关区域。
一旦你为所有常用的网络都指定了一个区域,在之后加入新的网络的时候(无论是一个新的咖啡馆还是你朋友家的网络),试图也为它指定一个区域吧。这样可以很好地让你意识到不同的网络的安全性是不一样的,你并不会仅仅因为使用了 Linux 而比任何人更加安全。
### 默认区域
每次你加入一个新的网络的时候firewalld 并不会提示你进行选择,而是会指定一个默认区域。你可以在终端里输入下面这个命令来获取你的默认区域:
```
$ sudo firewall-cmd --get-default
public
```
在这个例子里,默认区域是公共区域。你应该保证公共区域有非常严格的限制规则,这样在将它指定到未知网络中的时候才比较安全。或者你也可以设置你自己的默认区域。
比如说,如果你是一个比较多疑的人,或者需要经常接触不可信任的网络的话,你可以设置一个非常严格的默认区域:
```
$ sudo firewall-cmd --set-default-zone drop
success
$ sudo firewall-cmd --get-default
drop
```
这样一来,任何你新加入的网络都会被指定使用丢弃区域,除非你手动将它制定为另一个没有这么严格的区域。
### 通过开放端口和服务实现自定义区域
Firewalld 的开发者们并不是想让他们设定的区域能够适应世界上所有不同的网络和所有级别的信任程度。你可以直接使用这些区域,也可以在它们基础上进行个性化配置。
你可以根据自己所需要进行的网络活动决定开放或关闭哪些端口,这并不需要对防火墙有多深的理解。
#### 预设服务
在你的防火墙上添加许可的最简单的方式就是添加预设服务。严格来讲,你的防火墙并不懂什么是“服务”,因为它只知道端口号码和使用协议的类型。不过在标准和传统的基础之上,防火墙可以为你提供一套端口和协议的组合。
比如说,如果你是一个 web 开发者并且希望你的计算机对本地网络开放(这样你的同事就可以看到你正在搭建的网站了),可以添加 **http****https** 服务。如果你是一名游戏玩家,并且在为你的游戏公会运行开源的 [murmur][9] 语音聊天服务器,那么你可以添加 **murmur** 服务。还有其它很多可用的服务,你可以使用下面这个命令查看:
```
$ sudo firewall-cmd --get-services
amanda-client amanda-k5-client bacula bacula-client \
bgp bitcoin bitcoin-rpc ceph cfengine condor-collector \
ctdb dhcp dhcpv6 dhcpv6-client dns elasticsearch \
freeipa-ldap freeipa-ldaps ftp [...]
```
如果你找到了一个自己需要的服务,可以将它添加到当前的防火墙配置中,比如说:
```
`$ sudo firewall-cmd --add-service murmur`
```
这个命令 **在你的默认区域里** 添加了指定服务所需要的所有端口和协议,不过在重启计算机或者防火墙之后就会失效。如果想让你的修改永久有效,可以使用 **\--permanent** 标志:
```
`$ sudo firewall-cmd --add-service murmur --permanent`
```
你也可以将这个命令用于一个非默认区域:
```
`$ sudo firewall-cmd --add-service murmur --permanent --zone home`
```
#### 端口
有时候你希望允许的流量并不在 firewalld 定义的服务之中。也许你想在一个非标准的端口上运行一个常规服务,或者就是想随意开放一个端口。
举例来说,也许你正在运行开源的 [虚拟桌游][10] 软件 [MapTool][11]。由于 MapTool 服务器应该使用哪个端口这件事情并没有一个行业标准,所以你可以自行决定使用哪个端口,然后在防火墙上“开一个洞”,让它允许该端口上的流量。
实现方式和添加服务差不多:
```
`$ sudo firewall-cmd --add-port 51234/tcp`
```
这个命令 **在你的默认区域** 里将 51234 端口向 TCP 传入连接开放,不过在重启计算机或者防火墙之后就会失效。如果想让你的修改永久有效,可以使用 **\--permanent** 标志:
```
`$ sudo firewall-cmd --add-port 51234/tcp --permanent`
```
你也可以将这个命令用于一个非默认区域:
```
`$ sudo firewall-cmd --add-port 51234/tcp --permanent --zone home`
```
在路由器的防火墙上设置允许流量和在本机上设置的方式是不同的。你的路由器可能会为它的内嵌防火墙提供一个不同的配置界面(原理上是相同的),不过这就超出本文范围了。
### 移除端口和服务
如果你不再需要某项服务或者某个端口了,并且设置的时候没有使用 **\--permanent** 标志的话,那么可以通过重启防火墙来清除修改。
如果你已经将修改设置为永久生效了,可以使用 **\--remove-port** 或者 **\--remove-service** 标志来清除:
```
`$ sudo firewall-cmd --remove-port 51234/tcp --permanent`
```
你可以通过在命令中指定一个区域以将端口或者服务从一个非默认区域中移除。
```
`$ sudo firewall-cmd --remove-service murmur --permanent --zone home`
```
### 自定义区域
你可以随意使用 firewalld 默认提供的这些区域,不过也完全可以创建自己的区域。比如如果希望有一个针对游戏的特别区域,你可以创建一个,然后只有在玩儿游戏的时候切换到该区域。
如果想要创建一个新的空白区域,你可以创建一个名为 **game** 的新区域,然后重新加载 firewall 规则,这样你的新区域就启用了:
```
$ sudo firewall-cmd --new-zone game --permanent
success
$ sudo firewall-cmd --reload
```
一旦创建好并且处于启用状态,你就可以通过添加玩游戏时所需要的服务和端口来实现个性化定制了。
### 勤勉
从今天起开始思考你的防火墙策略吧。不用着急,可以试着慢慢搭建一些合理的默认规则。你也许需要花上一段时间才能习惯于思考防火墙的配置问题,以及弄清楚你使用了哪些网络服务,不过无论是处在什么样的环境里,只要稍加探索你就可以让自己的 Linux 工作站变得更为强大。
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/7/make-linux-stronger-firewalls
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[chen-ni](https://github.com/chen-ni)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_buildtogether.png?itok=9Tvz64K5 (People working together to build )
[2]: https://tools.ietf.org/html/rfc793
[3]: https://tools.ietf.org/html/rfc433
[4]: https://opensource.com/sites/default/files/uploads/web-port-nonstandard.png (Navigating to a nonstandard port produces an error)
[5]: https://firewalld.org/
[6]: https://opensource.com/sites/default/files/uploads/nm-connection-editor.png (Network Manager Connection Editor)
[7]: https://opensource.com/sites/default/files/uploads/nm-zone.png (Firewall zones)
[8]: https://opensource.com/sites/default/files/uploads/nm-set.png (Setting a new zone)
[9]: https://www.mumble.com/
[10]: https://opensource.com/article/18/5/maptool
[11]: https://github.com/RPTools